Personal Computer News


Privacy Probe Looms

 
Published in Personal Computer News #076

Privacy Probe Looms

Thousands of micro users could soon find Government inspectors checking up on them under the Data Protection Act.

The new Act's main provisions come into force next year. It applies to anyone (including clubs and individuals) who operates a computer system that holds information relating to an individual who can be identified from the information.

Under the terms of the Act, an individual has the right to know if information is held on a computer; to inspect the information; and to request that any incorrect information be changed or removed.

The Act will be policed by a Registrar who has powers to ensure such corrections are made.

The Registrar, who takes up the post in September, will be Eric Howe, currently deputy director of the National Computing Centre.

The NCC has already been inundated with enquiries about the implications of the Act and as a result has just published a layman's guide to how the legislation works.

And it is clear from the guide that users of home micros could well be in the firing line.

The only exemptions from the Act, apart from payroll records and information dealing with regional security, are where the information is kept for domestic or recreational purposes.

So it would appear that keeping names, addresses and telephone numbers of friends on your home micro is outside the scope of the Act. Similarly, a sports club that runs a computerised mailing list of club members is also exempt.

But anything wider than this could require registration under the Act.

For example, a club that keeps a computerised list of people who have contributed, or are likely to do so, to a fund-raising appeal may have to register.

The registration provisions under the Act will probably not come into force until the middle of next year (no date has been set). It will then take some time before the dividing line between those exempt and those not is firmly drawn.

"I can only give a ruling on an individual case if someone writes to me," said Howe. "It will take a lot of case decisions before a sharp picture emerges. At the moment the edges need closer definition."

It is unlikely that Mr. Howe will take a Draconian approach. "I would like to try and make common sense prevail," he said.

Guide to the Data Protection Act, National Computing Centre, Oxford Road, Manchester M1 7ED, price £1.50.

Act Timetable

It's a long and winding road that data protection and privacy has travelled in this country, leaving the UK well behind other countries in implementing legislation to protect the individual.

Milestones along that road include:

  1. December 1978: The Lindop Committee, named after its chairman Sir Norman Lindop, becomes the latest committee to report to the Government on the issues involved and recommends a series of codes of practice backed by a Data Protection Authority with wide powers.
  2. December 1982: The Government follows up a White Paper with its first Data Protection Bill. It rejects the Lindop approach, preferring instead compulsory registration with the individual having the right to inspect the information held and to demand changes or erasure.
  3. May 1983: Bill bites the dust because of General Election.
  4. June 1983: Government publishes revised bill.
  5. July 12, 1984: Bill completes weary passage through Parliament and gets the Royal Assent.

Ralph Bancroft