A better way to protect our data

Click to follow
Indy Lifestyle Online
When most people worry about the misuse of confidential data stored on computers, they assume that it is from companies that they have the most to fear. If a firm collects marketing data about customers, it might misuse it - for example, an airlin e might poach frequent flyers by ringing up and pretending that a rival airline's flights have been cancelled.

This may be a dirty trick , but it is tempting to forget that the worst a data-abusing company is ever likely to do is to try to sell you something. When government bodies get hold of the same data, the potential for harm is much more serious.

In principle, government bodies such as local authorities and the police are subject to exactly the same rules as businesses, as set out in the Data Protection Act. Yet the scope and power of government is such that the rules are narrow in application and limited in effect. A central principle of the Act is that the collection of data must be on a consenting basis; but nearly all the functions of government, from vehicle licensing to taxation, are coercive. So the principle does not fit, and little of the logic that flows from it can be applied. Plainly, a different kind of regulation is needed to secure the powers of public bodies, and to limit them.

The private sector collects a great deal of data, such as credit records, that the state is not in a position to do. The data's uses have to be licensed, and are limited to commercial activities, but if state organisations buy or requisition that information from them, they can do almost anything with personal data. The legislation merely ensures that they do it in an orthodox and bureaucratically approved manner.

Greater Manchester Police, for instance, are paying 30p per inquiry to a commercial credit reference agency to track down suspects through a database that may be more current and more detailed than the Police National Computer. The system, whose main jobis to choose targets for junk mailshots, holds information on family relations and financial arrangements. Detectives claim that the data is useful for finding out whether a suspect is living beyond his visible means. On the other hand, credit r ecords are a notorious dog's dinner: the information they contain is often wildly out of date or inaccurate.

Harnessing commercial data to the power of government is dangerous. You have a statutory right to see credit records, and make corrections if necessary. But if you were marked down as a bad egg by the police because of the same error or misinterpretation, you would not find out. Police units can always shelter behind the immunity that the law gives to "operational material".

Tax investigators have received data from banks, captured by cashpoint machines. The Inland Revenue is justifiably interested in learning whether tax payers who claim exemptions for living abroad are really living abroad. Mapping their use of cash machines tells them, but at the cost of further obliterating privacy, and the separation of powers that seemed natural when the public sector and private sector were more distinct than they are today.

The Data Protection Registrar is cogent and conscientious. The Registrar has dissuaded the Child Support Agency from passing excessive information between estranged parents, and has scored some moral victories. But the Data Protection Act's limitation onwhat government bodies can do with data - that they must hold data only "sufficient to fulfil their statutory duties" - is so vague that it may be interpreted to suit. Until data protection law is rewritten in terms of civil rights, and beg ins truly tocontrol policy, determining what kind of information may be collected on people and for what purposes, the legislation is no more use than a draught excluder without a door.