Suspecting mass on-line non-compliance with data protection laws by UK websites, Dame Elizabeth France is going on the attack.
Topic: Data Protection
Who: The Information Commission (“IC”)
When: Early January 2002
The Information Commissioner, who is responsible for enforcement of the Data Protection Act 1998 (“DPA”), has commissioned a survey to establish the extent of compliance with the DPA by UK websites. This is to be carried out during January and February 2002. It will cover all shapes and sizes of website. The idea is to use the results of the study to raise general awareness of data protection requirements and also to inform and direct future guidance and enforcement action. There are also no guarantees that caught-out website owners will not be the subject of enforcement action themselves.
Why This Matters:
Although the resources of the IC are limited and enforcement action is therefore patchy, the IC is determined to ratchet up its regulatory efforts. Accordingly, businesses who may be quite justifiably daunted by the complexity of data protection legislation should not necessarily assume that if they lay low, the regulator's gimlet eye will overlook them. Penalties for non-compliance can be harsh. They include fines for failure to notify the IC of personal data processing. There are fines also for failure to keep the notification up-to-date so that it covers all personal data processing activities. Another penalty is being prevented from using any personal data at all until the data has been properly and compliantly collected, a measure that could stop all of a company's direct marketing activities in their tracks. Company directors also face potential personal liability where offences are attributable to their neglect, connivance or consent.