New Data Protection rules are due to come in next March but I don’t want to write about those today.
The subject of “Data Protection” tends only to hit the headlines when a large organisation gets hacked, leaves a laptop on a bus or, as famously was the case for HMRC, loses data “in transit”. The other use of “Data Protection” is when large organisations ask you a tsunami of personal questions before answering your simple request or when they fob you off.
The truth is that some of the rules are in principle sensible, because the aim is to reign in “big brother”
Stripped of jargon, any person or organisation holding information about people either in a computer or in a way that enables the information to be got at easily (such as in a paper based filing system) must register with the Information Commissioner (“ICO”). Their details are then held in a public register which shows what sort of information they hold about what sort of people (e.g. employees, customers, patients etc.) and for what purposes (so not your personal details, but just the “headers” of what type of information is held for each individual).
Any person/organisation must protect the data it holds, ensure its accuracy and, if requested, tell the people about whom they hold information what information they hold.
If you are in business, run a club or association the odds are that you ought to register with ICO – yes, it is another form filling hurdle, but overall it is a sensible regulation aimed to protect us all.
If you like the way we think you’ll like the way we work