UK firms face fines, imprisonment or even closure under an EU data protection directive that became law on Wednesday.
The new Data Protection Act will impact Internet firms because it requires businesses to make clear what they intend to do with information collected on Web sites. It also will also affect offline companies, ruling that no personal data held on computer systems is sent or leaked -- maliciously or accidentally -- to organisations outside the EU.
David Smith, assistant registrar at the Data Protection Registrar, admits that the new law may damage e-commerce. "While I don't think it stifles it, it does regulate e-commerce. Obstacles will be put in the way of businesses trading with the States," he said. But he insists it is in the interests of consumers. "People need to know where information is going and how it is being used." According to Smith, any sort of covert tracking arrangement needs to be made clear, otherwise firms will face criminal proceedings.
The legislation will also affect offline firms, warned managing director of security firm CenturyCom. "Data transmission via email is where compnaines are most likely to get caught out," he said. Without tight guidelines on the use of email, firms could find themselves 'staring down the end of the gun-barrel'," he claimed.
Worryingly, the majority of companies are ignorant of the laws regarding personal data, according to a survey commissioned by CenturyCom. The survey found that over three-quarters of 50 leading UK companies were unaware of the new legislation.