By Dr Chris Pounder
Discussion is no longer confined to aficionados at group
get-togethers; for a few exciting days data protection and security
has been headline news and the topic on everyone's lips. And so it
should be. Our privacy is important and organisations which process
our personal data have to show them respect.
The fallout from this event will continue for some time: more
powers for the Information Commissioner, more penalties for
transgressors, more bad press for HMRC (and possibly HMG and other
public bodies) and, hopefully, higher status for those who toil at
the data protection coal-face.
Those data protection officers who are asked by senior managers,
"What are the penalties under the Act?", now have a ready answer:
"It’s the wrong question. Look at HMRC. No one is fined. No one is
prosecuted. The senior manager lost his job. But the real damage is
the undermining of public trust in the whole enterprise".
Indeed, in this particular case, a whole spectrum of public
sector data processing could now be at risk as some large
government projects, built around large, centralised indexes and
databases, might not attract the degree of public confidence that
they need to succeed. And note that it supposedly took just one
junior employee to cause all the current problems.
There are important lessons to be learnt from this episode but
we must also be alert to the dangers. This society depends on its
personal data processing for it to function and, in many
circumstances, data sharing is essential for our society to work.
Such processing needs the trust of the public – and once trust is
lost, it can be difficult to recover. So, enjoy basking in the
daylight and possibly those feelings of Schadenfreude for the
moment. But remember, when the pieces eventually settle, it will be
our jobs to pick up them up and regain that trust.
Dr Chris Pounder is the editor of the Pinsent Masons
publication Data Protection Quarterly and runs data protection
training for organisations across the UK.
