Print
Send to friend
RSS feedsNetwork managers could face personal prosecution if their company falls foul of the Data Protection Act (DPA) that comes in full force on 23 October.
When the DPA was introduced in 1998 many companies were concerned about their data, but parts of the Act were initially suspended, so no prosecutions followed and companies were lulled into complacency.
"It created confusion and left a cold trail. There is still a real lack of compliance with the DPA," argued Jonathan Armstrong, an ecommerce lawyer at Eversheds. "This is dangerous, as the Information Commissioner will look at personal convictions to enforce the law, meaning that the network manager will be prosecuted."
Nearly two thirds of network managers are unaware of the October deadline, while half of them believe that senior management gives insufficient support to ensure compliance, according to a survey by law firm Tarlo Lyons and The Opus Group.
Richard Ryan, head of research at The Opus Group, said: "British bosses are not giving proper resource and support. They are paying lip service, which is foolhardy given the potential damage to brand equity in the event of 'naming and shaming'."
Unintentional DPA breaches can easily happen through the transfer of data outside Europe. Many international companies use central mainframes in the US, which handle core business processes. Without special agreements, this breaches the Act.
To stay within the law, UK companies could set up two separate agreements: one for transferring data and one for third-party processing. The agreements can be individual or they can follow the European 'Model Clause'.
Alternatively, US mother companies need to enter the 'safe harbour' scheme by signing up to the regulations of the Federal Trade Commission in the US. But it is considered to be the toughest regulator in the world and many companies are concerned that its strict rules would damage their competitive position.
"If a business fails to do this, the Information Commissioner can prevent future data export," warned Andrew Rigby, head of ebusiness law at Tarlo Lyons. "For multinational companies, this could be catastrophic."
