Talk of data protection law tends to send heads plunging into sand - unless the data being protected is information about oneself. But ignoring the legal obligations could bring firms both trouble and bad publicity.
The Data Protection Act (DPA) has now been in force for nearly three years, and the Information Commission's code of practice for compliance has arrived, so now seems the perfect time to explain what it means for companies.
There is a lot for the IT manager to take into consideration, but there are useful guidelines available, and many firms offer tools and services to aid compliance.
Society is becoming increasingly litigious, and the massive growth in telephony, Internet and email use is making business communications harder to manage. Companies are anxious to know what information staff are sending and receiving, and who they are contacting. But monitoring is not something that can be done on an ad-hoc basis.
The fact that staff must be told if monitoring is taking place, and for which reasons, is just one small part of the DPA, but if it is ignored it could have unpleasant consequences for companies. The DPA also covers the storing of medical details, as well as records management, customer information, and notes from interviews.
Any slip in the handling of such data could see organisations in court, and facing fines.
Companies would be wise to take steps to understand the law and its consequences now, rather than wait and face possible penalties for breaches.