Data act 'is not smokescreen for poor practice', says information commissioner

The Information Commissioner Richard Thomas has warned organisations not to use the Data Protection Act as an excuse for poor...

The Information Commissioner Richard Thomas has warned organisations not to use the Data Protection Act as an excuse for poor practice.

Thomas, speaking in the wake of criticisms of the act by police and British Gas, said he was concerned that the benefits of data protection were being undermined by officials who did not understand its purpose and benefits.

"It is ridiculous that organisations should hide behind data protection as a smokescreen for practices which no reasonable person would ever find acceptable," he said.

He announced a package of measures designed to give greater clarity to businesses, including a commitment to plain English, more user-friendly guidelines and an improved telephone helpline.

"Data Protection is all about fairness and common sense. If an organisation feels that data protection is leading them to do something unacceptable, then to resolve that we have set up a telephone helpline that can give them guidance."

Thomas said organisations were sheltering behind data protection, because they misunderstood it or were failing to think clearly.

He said he was "very cross" with British Gas officials for claiming the Data Protection Act prevented them from alerting social services when they disconnected an elderly couple’s gas supply because of an unpaid bill. The couple were later found dead in their south London home.

He also criticised claims by Humberside police that the Data Protection Act prevented officers retaining intelligence on murderer Ian Huntley that might have prevented his appointment as a school caretaker.

There was nothing in police guidelines on evidence gathering or in data protection regulations that would require Humberside to delete that information from their databases.

"The Department of Health has refused to reveal how many doctors work in each hospital because of data protection. I find that inexplicable," he said.

Thomas agreed with the court of appeal, which described the Data Protection Act as "cumbersome and inelegant", but he said, while there was room for improvement, it would be a mistake to make wholesale changes to the law.

"Data protection law stands in the way of a surveillance society where government and commercial bodies know everything about everybody. It helps prevent the growing problems of identity theft and the buying and selling of personal information."

The Information Commission is working with government and businesses to find ways to simplify guidance on data protection.

But Thomas said it was unrealistic to expect guidance on every eventuality. Organisations will still be expected to seek their own legal advice, check the guidelines and make their own decisions.

Read more on IT risk management