DPA will boost business says commissioner

Companies should see compliance with the Data Protection Act (DPA) as an opportunity to boost business and not a legal hurdle.

Companies should see compliance with the Data Protection Act (DPA) as an opportunity to boost business and not a legal hurdle.

That was the message from the government's information commissioner, Elizabeth France, and a panel of experts at the Information Security Solutions Europe 2001 conference.

With all exemptions to the DPA ending on 24 October, France said: "Data protection is taking centre stage as citizens become more and more aware of the issue. This is not just a UK preoccupation. Gaining the confidence of individuals through data protection is seen as very important if e-commerce is to work. Data protection is good for business."

Bojana Bellamy, global head of data protection compliance for Accenture, agreed that data protection was not the obstacle to e-commerce that many businesses believe it to be.

"I have no doubt that e-commerce would be hindered without data protection," she said. "It is not a barrier to e-commerce and is crucial in gaining the trust of customers and staff."

Bellamy pointed to two major companies, AOL and IBM, that have seen the importance of the issue by not accepting advertising on their Web sites for any firms that are not DPA-compliant. She also called on all businesses to take data protection seriously at senior level.

"It requires top management commitment and there must be someone internally responsible in the form of a compliance officer," Bellamy added.

Bellamy called it "essential" for businesses to audit the data they hold to find out who they have data stored on, what that data is and why it is needed.

Data compliance officers should preferably be trained and experienced, and must be in touch with legal developments. German companies are already required by law to employ a compliance officer.

Speaking on the possibility of statutory enforcement, France said: "The UK government does not think it is necessary to force all businesses to have a data protection officer. We feel it is unfair on small companies, and the businesses we discussed this with were generally not in favour. However, more and more businesses are looking for data protection compliance officers."

The compliance deadline for the DPA is 24 October and any firms that do not comply by this time will leave themselves open to prosecution. The information commissioner made it clear that company privacy statements posted on Web sites are coming under particularly close scrutiny.

She said: "We are checking privacy statements on company Web sites to check they are doing what they say they are doing. If you have a privacy statement you must be adhering to it. Having a statement and not complying with it is worse than not having a statement at all."

Read more on IT legislation and regulation