Jamie Cowper, marketing director EMEA at data protection specialist PGP Corporation, has made the following comments about this anniversary:
“The world of electronic information has changed almost completely since the enactment of the DPA in 1998. The sheer proliferation of data within both public and private sector organisations in terms of stored records and transactions is mind-boggling. As a result, I’d be surprised if nearly all companies aren’t in some way contravening the Act as it currently stands, whether they realise it or not.
The DPA was a good step in the right direction, and has definitely done a lot to raise awareness of how consumers’ personal information is used and sometimes abused by organisations. However, it has perhaps been less effective in penalising those companies that have mishandled data, with, for instance, permission for inspections needed before any action can be taken. For the DPA to be more than a symbolic reminder that companies should safeguard and control the data in their possession, it needs to be given much sharper teeth.
The increased reporting of data loss incidents – from missing CDs to hacked databases – has simply shown how lax many organisations have become in following the guidelines laid out by the Act. If the DPA is to be of use in reducing such incidents, it must be positioned as a visible deterrent with punitive powers.
Consumers are quite rightly becoming increasingly distrustful of sharing personal information with both big business and the government. The only way to reverse this trend is if they see positive action being taken to protect this data via better security policies and more encryption – and are assured that organisations that break the rules are made to regret it.”