Data privacy law abused too often, says watchdog    

Click to follow
The Independent Online

Ministers have failed to protect the public from abuse of data privacy laws by undermining the role of the information watchdog, a report to Government claims.

Last year alone, the Information Commissioner carried out a record 8,000 investigations into alleged breaches of the law, mostly involving organisations wrongly disclosing confidential data to third parties.

But Elizabeth France, in a report to the Home Office covering the period from March to December 2000, alleges that, by undermining her role as Information Commissioner and ignoring her calls for criminal penalties against wrongdoers, Government ministers have "hindered the protection of the public".

Ms France's report was submitted to the Government more than a year ago but has only just been published.

She also accuses the Government of sacrificing "better regulation for minimum regulation" in the way that it has decided to implement any data protection legislation across this country.

She also alleges that unnecessary restrictions placed on her job were "inconsistent" with the principles of open government and that the Government may not be honouring its data protection obligations under European law.

The commissioner, who will stand down from her high-profile post in November, wants the Government to increase the powers of the job so that her successor can bring criminal prosecutions against those who flagrantly breach the law.

Ms France has repeatedly challenged what she called the cult of secrecy in the civil service, business and MI5 since she took up the post seven years ago. In her report she also singles out internet trading as one of the worst examples of illegal disclosure of personal financial details.

Ms France says in her report: "There have been several instances of inadequate security as a result of which the personal details of customers have been disclosed on a website. If the data controller has wilfully or negligently failed to secure the website but does so following the breach, there is no penalty the commissioner can impose."

In a recent complaint to the commission, police files identifying 11 alleged paedophiles and their victims given to a Bristol University research project were later found on a personal computer that was sold to a member of the public.

The abuse victims and their families had no idea the sensitive details had been released to the university by police. The information, including testimonies and transcripts of police interviews, was given to the university law department for a study into how evidence was gathered in cases of child abuse.

In another complaint received by the commissioner, school pupils who were given holiday work experience at their local authority offices were able to find out about their teachers' employment records.

The commisioner's report concludes: "There is much that the commissioner welcomes in the new law ... but this submission necessarily concentrates on what she sees as the deficiencies."

A spokesman for the commissioner said that Ms France had presented her report to the Home Office more than 12 months ago but it was only published after responsibility for data protection passed to the Lord Chancellor's Department.

The Data Protection Act 1998 came into force almost two years ago. Ms France's report was part of an appraisal of the impact of the new law which will be sent to the European Commission for its own report on the implementation of the EC Data Protection Directive.