Data Protection: Have we got the message yet?

Data Protection law is not a big news story to either marketers or the general public.  What is news however, are the latest developments in a series of efforts to actually enforce the legislation.  Last month two organisations, one a county council, were fined by the Information Commissioner.

For many, data protection is a grey area.  The latest iteration, released in 1998, outlines in eight relatively clear points how data should be handled and transmitted.  It is interesting to consider that despite many companies failing to comply, it has taken twelve years for an organisation to be financially penalised by the ICO for breaching the rules.

It is reassuring to know the mistakes made by Hertfordshire County Council were taken seriously:  the council is to be fined £100,000 for faxing details of a child sex abuse case to the wrong recipient on two cocasions.  However, the lack of penalties until now is suspicious.  Where companies themselves are having difficulty interpreting the requirements of the Act, the authorities are apparently having equal difficulty investigating suspected breaches.  This points to a potentially serious problem: as the lastest WikiLeaks release is continuing to spectacularly demonstrate, mismanaged data can have very serious consequences. 

The detail of the Act itself is easily overlooked.  In Hertfordshire's case the relatively outdated transmission method of faxing was involved, which produces useful hard evidence at the moment of contravention.  Email, however, is an entirely different area.  Many businesses are unaware that simply forwarding a message from one person to another can breach the Act as crucial data from the original message is carried forward to the final destination in possible breach of data transmission regulation.

With billions of such transmissions every year and an ever growing pool of data being kept on each one of us, responsible handling of information has never been more important.  The Information Commission is hoping these inaugural fines for breaching data protection law will send a strong message to organisations handling data; if these cases, in addition to government blunders and WikiLeaks, can't stem the tide of mistakes the legislation itself may have to be reviewed.