Following a series of high-profile losses of personal data in Europe, the UK Information Commissioner’s Office (ICO) is urging individuals to exercise their rights under the UK Data Protection Act 1998 (DPA) to protect their personal details. Organisations can expect to spend more time dealing with inquiries from staff and customers about what personal data are held, why and for what purpose. Individuals are likely to become more cautious about handing over their personal details to organisations and to challenge sloppy data protection practices.
The ICO is launching a Personal Information Healthcheck to help consumers protect their personal details in a bid to minimise the amount of personal information held about them by organisations. The ICO is concerned that, while people are becoming more aware of the dangers of allowing their information to fall into the wrong hands, many are not using their existing legal rights to protect their privacy. A survey of 2,020 UK adults conducted for the ICO in August 2008 found that 95% of people believed their personal information was valuable and more than 70% claimed routinely to shred personal documents. But another survey found that 44% had never considered contacting an organisation to find out what information it held about them.
As public awareness of individuals’ rights under the DPA grows, individuals will look to enforce their rights by making use of subject access requests, a procedure whereby individuals can ask to see what information an organisation holds about them. It can be costly and time-consuming for organisations to respond to these requests, particularly within the statutory timeframe of 40 days.
Organisations will need to review their current Subject Access Policies and Data Protection Policies and train staff to recognise and comply with their DPA obligations.
The ICO’s Healthcheck can be accessed online at www.ico.gov.uk/infohealthcheck