Data Protection Compliance, 2nd Edition [Paperback]

Organisations now face much stiffer penalties for breaching the Data Protection Act, which makes this pocket guide more valuable than ever!
Your company holds personal information about your customers in electronic form. Almost certainly, you will also keep records on your staff in your computer system. In the digital age, managing personal information has become a key organisational challenge. For legal reasons, everyone has to understand the proper way to handle this personal data.

Compliance

Your business needs to operate in compliance with the Data Protection Act. This means your company has to take the right steps towards secure management of personal digital information.



Under the Data Protection Act, some faults are treated as criminal offences. Where failure to comply is the fault of a manager, the manager can be prosecuted along with the company.



A tougher regulatory environment

Knowingly, or recklessly, obtaining or disclosing personal data is an offence under Section 55 of the Data Protection Act. In 2009, the Coroners and Justice Act amended the DPA to give the Information Commissioner the power to carry out compulsory assessments of government departments. This year, the government has further tightened the enforcement regime for the DPA. On 6 April 2010, tougher penalties came into effect, including custodial sentences for deliberate or careless disclosure of personal data. Deliberate, or reckless, disclosure of personal data by your staff will also put you in the firing line as their employer. The Information Commissioner’s Office has acquired new powers to fine companies up to £500,000 for serious contraventions of the Data Protection Act.



This pocket guide gives you a clear description of the Data Protection Act, outlining its terms and explaining its requirements. It is essential reading if you have a responsibility for the security of personal data, especially if you are a director, a manager or an IT professional. The pocket guide includes handy good practice tips for staff. The easy-to-follow checklist tells you the practical steps you should be taking in order to comply with the Data Protection Act.



Benefits to business include:

* Avoid expensive litigation
Failure to comply with the Data Protection Act can lead to a heavy fine, as well as complaints and reputational damage. Use this book to help your company avoid embarrassing disputes and costly litigation.
* Avoid illegal monitoring and interception
There are good reasons why you might want to listen to customer calls (monitoring) or to record them (interception). Use this book to ensure that you monitor and intercept calls and e-mails in a way that is legal.
* Understand transfer of data overseas
To improve customer service or streamline operations, your company may wish to transfer personal digital information overseas (offshoring). This book advises you on when it is legal to do this. It offers you guidance on transfer of data outside the European Economic Area, and on the US-EU Safe Harbor Agreement.
* Handle electronic marketing properly
You need to understand the special rules that concern e-mail marketing. Use this book to make sure that your online marketing campaigns are being run in a way that is legal.

Data Protection Compliance in the UK has been published as an inexpensive and easily read introduction for any employee required to support compliance with the DPA. It:

* Outlines UK and EU data protection regulations;
* Describes the rights of individuals;
* Explains the security obligations of organizations;
* Addresses topics including
o IT monitoring and interception,
o enforcement provisions and
o penalties for non-compliance.

Reputational risks

A survey conducted by IT Governance has shown that only around half of those employees who handle personal information have been trained in their Data Protection Act responsibilities. And yet failure to comply with the Data Protection Act can have damaging consequences. The scandal at T-Mobile has highlighted the need for businesses to tighten up their data security. In November 2009, it emerged that some of the staff at T-Mobile had been selling the names and addresses of mobile phone customers to brokers, who then sold on the information for use in the sales campaigns of rival mobile phone networks. As a result, T-Mobile has suffered negative publicity and been heavily criticised by leading politicians. In response to the scandal, the Information Commissioner, Christopher Graham, announced his intention to “close down the entire unlawful industry in personal data”. To achieve that objective, he is determined to ensure that data thieves and traders in ill-gotten personal data will have to serve time in prison.

The guide is written by Rosemary Jay and Jenna Clarke of Pinsent Masons' respected Information Law Team, which was listed by Chambers 2008 as one of the UK's top teams for data protection. Rosemary Jay is a partner at Pinsent Masons LLP, where she heads the Information Law Team and advises private and public sector bodies on data protection and privacy law. Jenna Clarke was a trainee with Pinsent Masons LLP at the time of writing. Her experience in the Information Law Team included advising and writing on data protection and freedom of information.