Sir: Your leading article on identity cards ("Howard plays his card", 25 May) highlights the inadequacy of Britain's data protection laws. Government reassurances about the benefits of such a scheme suggest that it may be timely to remind people of how little confidence should be inspired by the current state of play.
The Data Protection Act 1984 was passed when British firms had started to lose overseas contracts which involved swapping of information because business in other European countries were not permitted to deal with firms which could not guarantee the confidentiality of information held on computer records.
The principles enshrined in the Act are exemplary. However, there are numerous exemptions which render its provisions far from adequate.
There are broad exemptions for access to information held by police, prosecution authorities and tax departments, and information as to the physical or mental health of the data subject can be withheld by government departments, local authorities or voluntary agencies.
The compensation provisions are inadequate, as damages may only be awarded for incorrect data compiled directly by the data user, not for information supplied by third parties - precisely the kind of information which may be the most damaging. It effectively exempts the police from Data Protection Principle One, which requires data protection users to obtain and process information fairly and lawfully: the Data Protection Register has not powers to enforce this Principle where, to do so, would be likely to prejudice the prevention or detection of crime. It pays no special attention to the sheer scale of government databanks, or to the linkage of these banks, or to related issues such as the use of personal identifiers. Perhaps the most alarming loophole of all is that it does not permit government departments to be prosecuted for a data protection offence.
Given such weaknesses, the lack of parliamentary scrutiny or public debate around data protection issues such as the piecemeal creation of the existing Government Data Network seems extraordinary, and it has generally been left to one civil servant, the Data Protection Register, to warn of potential risks and problems.
Michael Howard has stated his hope that the Green Paper will act as a catalyst in stimulating widespread public debate. If such debate focuses attention on the appalling weaknesses of existing privacy and data protection legislation, this may yet turn out to be one of his more significant achievements as Home Secretary.
26 MayReuse content