The UK's information commissioner, Richard Thomas, answers complaints about the complexity of the Data Protection Act

IT Week: You have said there is a need to provide further clarification on compliance with the Data Protection Act. Is this because certain firms have said this law is stopping them from doing their jobs?

Richard Thomas: I have brought things forward a little because I am cross that the Data Protection Act has been unfairly blamed for shortcomings elsewhere. These people are hiding behind a smokescreen. Now it is time to put the record straight.

What is the Office of the Information Commissioner doing to clarify the points of law?

I will start by strengthening the data protection helpline to ensure that we give swift assistance to organisations that are concerned about interpreting the act. To support this we will also give more practical and user-friendly guidance with a commitment to plain English. I am also making another call for responses to our Making Data Protection Simpler consultation.

How do you feel when firms say the act prevents them from operating properly?

I will not tolerate such nonsenses. The Data Protection Act is there to protect people and to safeguard their privacy. In the information age it has become even more important. It is too easy to use the act as an excuse. I have been stung by organisations hiding behind the act, now I am drawing a line in the sand. Firms have to get this right.

Is the complexity of the act or its wording causing any misunderstandings?

We have to get the jargon out of our guidance - plain language is not dumbing down. Very few people have an idea what a "data subject" is. To me that is an employee or a customer. [The act] is aimed at a wide audience, there is no one-size-fits-all solution. We have already started down this road with our guidance on employee monitoring at work. With this we brought out three versions, one for large enterprises, one for small businesses, and a short checklist version for quick reference.

Does the confusion mean that the UK may face an epidemic of misunderstandings?

No, all of the people in the IT world that I speak to - some very senior people - are very focused on the importance of data protection. For firms it is a matter of self-interest. If technology damages people's lives, whether it be their customers or their employees, then they have a problem. More and more organisations have their own privacy officers these days.

How has increased use of technology affected data protection?

There has been phenomenal growth in the capacity of technology and what it can do. The ability to transfer data internationally instantly makes data protection very important. Take outsourced call centres - if information is to be sent out of this country then there should be no less protection on it than there would be in the UK.

Given the furore surrounding the act, and your own admission that it is jargon-heavy and difficult to understand, will you push for changes to data protection legislation?

It is unrealistic to think about wholesale changes now, but we do have a shopping list of fine-tuning changes. However, the parliamentary timetable is so full that although I am critical of the drafting of the act I would be wasting my time pushing for changes. We must remember that there is nothing wrong with the basic principles of the act. We just have to ensure that they do not get lost in a fog of obscurity.

ABOUT RICHARD THOMAS
Richard Thomas has been the UK's information commissioner since December 2002.

Previously he was director of consumer affairs at the Office of Fair Trading and head of public affairs at the National Consumer Council.

Thomas is an advocate of plain English and has written several books on the subject.