In a report to the Home Office published this week, the information commissioner Elizabeth France accused the Government of sacrificing good data protection regulation in the interests of minimal legislation.
The Data Protection Act dictates how personal information about customers and staff can be stored by a business. It has implications for the reliability and security of IT systems that store personal data.
The Act puts unnecessary restrictions on businesses processing sensitive data, such as medical information, or data on political or religious beliefs, France said.
Many legitimate business activities involve processing sensitive data where it makes little sense to obtain the explicit consent of subjects. For example employers will have to obtain individual consent to process staff sickness records before sick pay can be paid.
Similarly, France argues, there should be no need for a company to seek the explicit consent of every member of the pension scheme, if it decides to outsource the data management to another company.
France, who plans to stand down from her job in November, said that unnecessary restrictions on her powers were inconsistent with open government, hindered the protection of the public and could undermine her role in enforcing the Freedom of Information Act.
France said she lacked the powers to pursue firms that broke the law, putting companies that adhere to it at a disadvantage.