keeping you informed, legal and fair

The Data Protection Act 1 998 (DPA) seeks to ensure organisations (data controllers) controlling information relating to living individuals (personal data) deal with that data lawfully, fairly and transparently from the moment that the personal data is obtained, until its destruction or disposal.

The regime is underpinned by eight general data protection principles designed to ensure data controllers adhere to certain standards with regard to data processing. The principles require, for example, that controllers ensure personal data is accurate, up to date (where necessary), processed only for specified purposes, and kept for no longer than is necessary.

One of the data protection principles requires that data controllers take appropriate measures to ensure personal data is not lost, stolen or misused. High-profile data security incidents, such as the loss by Her Majesty's Revenue and Customs of discs containing child benefit information for millions of families, have caused widespread concern among the public.

More specifically, however, they also highlighted that the data protection watchdog, the Information Commissioner's Office (ICO), had inadequate powers to punish data controllers found culpable for failing to meet the standards required by the DPA.

...