UK Home >  OUT-LAW News >  News Archive >  2008 >  January 2008 >  Debunking six myths of the Data Protection Act

Debunking six myths of the Data Protection Act

OUT-LAW News, 31/01/2008

Recent security scandals have raised the profile of the Data Protection Act (DPA). But 10 years after it was passed, many organisations still misunderstand it. Sue Cullen of Pinsent Masons' information law team debunks some of the common myths.

Data Protection Day 2008
Monday was Data Protection Day. Find out how you can win the textbook on data protection.


Myth 1: The DPA says you can't market to people without their consent

No it doesn't.  All it says is that you have to tell people when you collect their information that it will be used for marketing. But individuals can object to marketing whenever they want under a DPA right, and electronic marketing (including phone and email) normally requires consent under the Privacy and Electronic Communications Regulations. 

Myth 2: You can't process my details without my consent

There is nothing in the DPA that stipulates that consent must be obtained for any specific processing operation. The Act offers six ways in which you can comply, you only need one, and only one of them is consent of the individual.  Some people think that they can dictate to banks and other organisations as to how their information is used, but although there are limited rights to object to certain processing which causes distress, if processing is necessary for a contract, for example, then no consent is needed. 

Myth 3: We will never share your details with anyone else

Not exactly true. Someone making this promise might not give customer data to a spammer but they may be forced to give it to the police. Alternatively, the company might be bought, in which case the customer data may pass to a new owner.

Myth 4: We can't investigate the theft/loss/fraud because of the DPA

The DPA allows organisations to disclose information to the police and other law enforcement agencies if they believe that not to do so would be prejudicial to the prevention and detection of crime. It also allows disclosure where the organisation has a court order or is exercising a statutory power to require disclosure. The corollary is that disclosure can be refused if the requesting party has no court order or other authority.
The provisions in the DPA that allow you to do this accord with human rights legislation and strike a balance between the interests of a crime-free society and the individual's right to privacy.

Myth 5: We're not allowed to tell you what went wrong because of the DPA

You shouldn't be hiding behind the Act if you have made a mistake. People exercising subject access rights will generally have the right to be told what went wrong. There are other provisions that allow disclosures where they are in the public interest.

Myth 6: We can't talk to you about your grandmother's electricity bill

Wrong. If Gran authorises you by phone or letter to discuss her bill and the company accepts that, there is no problem.

 

 

Advanced Search
UK Home | 
OUT-LAW News | 
This month's news | 
News Archive | 
2009 | 
2008
2007 | 
2006 | 
2005 | 
2004 | 
2003 | 
2002 | 
2001 | 
2000 | 
OUT-LAW RSS feeds | 
OUT-LAW Radio | 
Legal Info About... | 
Legal Info For... | 
Our Services | 
Case Studies | 
Events and Training | 
Fun | 
About Us | 
Contacts | 
Legal Notices | 

 

Pinsent Masons named Legal Firm of the Year 2009 at Finance Directors' Excellence Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility Logon
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.