Data protection deadline looms

With less than two weeks to go before the UK Data Protection Act 1998 comes fully into force on 23 October, a survey of UK...

With less than two weeks to go before the UK Data Protection Act 1998 comes fully into force on 23 October, a survey of UK businesses has found a dangerous lack of awareness about its requirements.

The survey of 137 IT managers responsible for data protection within their companies, commissioned by City technology law firm Tarlo Lyons and marketing services group Opus, found that 61% were unaware of the impending deadline.

While respondents believed that senior management are either "very aware" (44%) or "reasonably aware" (41%) of their obligations under the Act, more than half felt that they had not been given all the support they needed in order to ensure their firm's compliance.

Just over half of the survey's respondents transferred data outside the UK, yet awareness of the Safe Harbor scheme and of "model clauses" was low.

Only 29% of respondents had heard of Safe Harbor, a voluntary membership scheme for US organisations which the European Commission recognises as providing adequate data protection.

There was a similar lack of awareness about "model clauses", a standard for contractual clauses applying to the transfer of personal data to non-EU countries.

"The findings of this survey must act as a wake-up call to companies," said Andrew Rigby, head of e-business and banking technology law at Tarlo Lyons. But it should also prompt the Government, and in particular the information commissioner, "to recognise the need to educate companies more effectively", he added.

"Of particular concern are the findings in relation to the export of data to countries outside the European Economic Area, especially to the US," he said.

"With a few limited exceptions, this is prohibited under the legislation unless the exporter has a contract in place with the importer.

"If a business fails to do this it could be prevented by the Office of the Information Commissioner from exporting data in the future.

"For multinational companies this could be catastrophic," Rigby said.

Read more on IT legislation and regulation

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.