MI5 case highlights data laws

A ruling by the Information Tribunal has highlighted the need for firms to be prepared to reveal the information they hold on...

A ruling by the Information Tribunal has highlighted the need for firms to be prepared to reveal the information they hold on customers

The warning follows the case of Liberal Democrat MP Norman Baker who took MI5 to tribunal this summer to get access to files he believed were held on him.

Although MI5 argued that it was exempt from data protection legislation on the grounds of national security, the tribunal ruled that the security services should work on a case-by-case basis.

Michael Clinch, senior consultant at IT law firm Picton Howells, said the case has implications for all organisations and businesses. "In terms of private businesses, they have to be aware of their obligations," said Clinch.

"Anyone who expects requests for information needs to be prepared to deal with these requests and has to make sure that the internal infrastructures are in place to deal with them. Companies have to deal with these requests positively and on an individual basis."

Clinch said it is good management practice to put in place an internal policy for handling the processing of requests. He added that larger firms should have a person whose job is to deal with the processing of each application.

The Data Protection Act states that individuals should expect a reply to their request within 40 days. Companies that do not comply could end up in court.


ross.bentley@rbi.co.uk

Read more on IT legislation and regulation

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close