Monday, 17 December 2007

Finally - Data Protection Law to be Reviewed

Laptop Security Inverted From: Outlaw 14/12/07

The Government has launched a consultation into how personal data is treated in the aftermath of the HM Revenue and Customs' loss of 25 million people's sensitive information.

Information Commissioner Richard Thomas is one of the two men in charge of the consultation, which will focus on the use and sharing of information. The other is Government science and technology advisor Dr Mark Walport.

The consultation will consider changes to the Data Protection Act and will present Government with options for changes to the law.

“The review will be concentrating on information sharing. When do public bodies, in particular, need to make use of personal information held by others to do their job properly?" said Thomas. "Law enforcement, child protection and more personalised services may be examples. But we will need to assess the dangers if information is shared too freely."

And about time too.  This one is long overdue and imposing more stringent guidelines and operating procedures for data controllers has become a necessity.  The fact it's taken a series of high-profile blunders to bring about a review of the law is a crying shame and highlights the need for a more proactive review process of legislation.  Clearly the changes in the law must be mirrored by a change in attitude and working practices.  Simply making it compulsory for data controllers to encrypt data is of little use as to be viewed or edited, data must be unencrypted - thus returning it to a vulnerable state.  Better education and attention to security policies by those who work with data and more stringent rules relating to how and when data may be unencrypted and disseminated are needed to close the existing holes in the net. 

No comments:

Post a Comment