Access your Pro+ Content below.
DPA compliance: Tracking changes to Data Protection Act guidelines
This article is part of the IT in Europe issue of June 2011
For a piece of legislation that first hit the statute book in 1984, the Data Protection Act (DPA) has weathered remarkably well. By sticking to broad principles and avoiding any reference to specific technologies from the start, it has managed to stay relevant for nearly 30 years, despite huge social and technological changes. The underlying guidelines, embodied in eight simple principles, are easy to understand and remain a model of clear-sighted lawmaking. Although it was updated in 1998 to bring it into line with EU legislation (which it had influenced), the act has remained essentially the same. So why has the act caused so much confusion and been the subject of so much misinterpretation over the years? Some organisations appear to use it as a convenient veil to avoid releasing any information at all, while others still treat personal information with reckless abandon. Even the police got it wrong, most notably in the Soham murders investigation of 2002 where an overly strict interpretation of the act’s requirements caused ...
Features in this issue
Products to secure smartphones and cloud computing are in short supply.
For DPA compliance, a ‘tick-box’ approach is not an option. Therefore, the trick is to simply to keep out of trouble and avoid obvious negligence. Alan Calder explains how.
News in this issue
Can organisations expect a more prescriptive Data Protection Act in the future? UK Bureau Chief Ron Condon examines the law's prospects.
The Kaspersky kidnapping serves to remind that threats to some information security pros involve more than stolen credit card details.