Beware – the Information Commissioner cometh!

The Data Protection Act 1984 was the first data protection legislation implemented in the UK. However, for many years it was largely ignored and there was little evidence of any determination to enforce on the part of the Data Protection Registrar.

In 2000, most of the Data Protection Act 1998 came into force and the name of the office was changed from the Data Protection Registrar to the Data Protection Commissioner and the year after changed again to the Information Commissioner (“ICO”).

The regime now has sharp teeth and contravention of the Act is a criminal offence punishable by an unlimited fine, and the ICO itself has the power to levy fines of up to £500,000 for those who misuse personal information.

The ICO recently decided to reinvestigate Google in relation to information gathered from private wireless networks during the company’s controversial Street View project.

This may not seem immediately relevant to your company but may well be as it is a sign of the increased profile of the Data Protection regime and the appetite of the ICO to enforce UK Data Protection Legislation more vigorously.

The ICO was acting in response to concerns that the Street View technology was grabbing personal information from unsecured wireless networks but the essence of the investigation and, indeed, the ICO’s function is the protection of personal information relating to UK  individuals.

One of the main concerns underpinning the UK Data Protection regime and associated legislation is that individuals should be made aware of any intended use of their personal data before such data is collected.

This may be relevant to various aspects of internal corporate life, notably the right to collect personal data and track personal behaviour of employees and the use that will be made of such data.

In relation to online activity, it is fundamental that there be a well-drafted privacy policy which informs website visitors what use will be made of personal information that is collected.

Such policies should cover issues such as any export of such data outside of the EU/EEA and sharing information with affiliated companies or an acquiror.

For further information or assistance, please contact Simon Halberstam on 020 3206 2781 or by email to simon.halberstam@smab.co.uk.