Monday was Data Protection Day. Find out how you can
win the textbook on data
protection.
Myth 1: The DPA says you can't market to people without their
consent
No it doesn't. All it says is that you have to tell people
when you collect their information that it will be used for
marketing. But individuals can object to marketing whenever they
want under a DPA right, and electronic marketing (including phone
and email) normally requires consent under the Privacy and
Electronic Communications Regulations.
Myth 2: You can't process my details without my consent
There is nothing in the DPA that stipulates that consent must be
obtained for any specific processing operation. The Act offers six
ways in which you can comply, you only need one, and only one of
them is consent of the individual. Some people think that
they can dictate to banks and other organisations as to how their
information is used, but although there are limited rights to
object to certain processing which causes distress, if processing
is necessary for a contract, for example, then no consent is
needed.
Myth 3: We will never share your details with anyone else
Not exactly true. Someone making this promise might not give
customer data to a spammer but they may be forced to give it to the
police. Alternatively, the company might be bought, in which case
the customer data may pass to a new owner.
Myth 4: We can't investigate the theft/loss/fraud because of
the DPA
The DPA allows organisations to disclose information to the
police and other law enforcement agencies if they believe that not
to do so would be prejudicial to the prevention and detection of
crime. It also allows disclosure where the organisation has a court
order or is exercising a statutory power to require disclosure. The
corollary is that disclosure can be refused if the requesting party
has no court order or other authority.
The provisions in the DPA that allow you to do this accord with
human rights legislation and strike a balance between the interests
of a crime-free society and the individual's right to privacy.
Myth 5: We're not allowed to tell you what went wrong because
of the DPA
You shouldn't be hiding behind the Act if you have made a
mistake. People exercising subject access rights will generally
have the right to be told what went wrong. There are other
provisions that allow disclosures where they are in the public
interest.
Myth 6: We can't talk to you about your grandmother's
electricity bill
Wrong. If Gran authorises you by phone or letter to discuss her
bill and the company accepts that, there is no problem.
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
