More than policemen needed to safeguard data

A new police group intends to keep businesses on the data protection straight and narrow. Greater public awareness of the issues is needed to make this work

Data protection is one of the most important yet least understood aspects of commercial and governmental IT. Concerns about access and control are at the heart of the controversy over the Government's ID card proposals, and any victim of identity theft knows the profound problems caused when information does get into the wrong hands. Personal data acquired by organisations is held in trust: it has value to them, but it is vital to those to whom it refers.

The formation of the Regulatory Action Division (RAD) by the Information Commission is one sign that the powers that be are taking these issues seriously, at least in the corporate sphere. We often read about security mishaps where organisations lose control of personal data, but this rarely leads to prosecution for such carelessness. The existence of the RAD will raise the profile of the legal ramifications of data mishaps.

Yet more is needed. The law is convoluted, and while large organisations can be expected to have the necessary level of expertise to manage compliance this is often not the case. This makes it doubly hard for ordinary users to understand and apply their rights. Take the recent case where a health professional had to withdraw from being an NHS patient in order to protect her medical data — it turns out that this was not necessary, despite advice to the contrary. We have a government which is very keen on acquiring and using large amounts of personal data: it does not seem so keen on educating people about their rights and responsibilities.

Without a much greater public awareness of these, the RAD and others who police IT will find their jobs much harder than necessary. For crime to be resolved, it must be reported — and to be reported, it must be recognised. Only a cynic would suggest that there may be ulterior reasons behind this lack of education, that the government might not welcome an informed and aware populace active in defence of its privacy. Yet our personal information has to be defended at all levels from all who would use it against our interests. A government committed to this would leave us in no doubt how to achieve it.