Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

Book reviews [2000] PLBIRp 26; (2000) 54 Privacy Laws and Business International Report 11

Book Reviews

Data Protection Law and Practice

Data Protection Law and Practice by Rosemary Jay and Angus Hamilton is an extremely useful guide to the new UK Data Protection Act 1998. The 400-page book, published in November 1999, provides an interpretation of the Act's provisions, as well as practical advice on what the law means to organisations.

The authors speak with authority. Rosemary Jay was head of the Data Protection Commissioner's legal department for 12 years before moving to Masons Solicitors at the beginning of this year, and Angus Hamilton, a solicitor with private practice, has conducted prosecutions on behalf of the Data Protection Commissioner since 1986.

The book is divided into twentysix chapters, which vary from an introduction to data protection to detailed information about the new law. The authors discuss first the key definitions, territorial application of the law and data protection principles, then move to examine the grounds for legitimate processing and processing of sensitive data.

The practical approach is present throughout the book, for example, the authors suggest model wording for a data protection notice for direct marketing, and provide a definition of "consent" (this is particularly useful as a definition for consent is not included in the Act itself).

The chapter on transborder data flows is particularly useful. While much of the information is based on the opinions and advice from the EU Data Protection Working Party, the clarity with which the information has been put together will be helpful to data protection managers in international businesses.

As the book was published before the secondary legislation was available, it does not cover all of the detail on, for example, the new notification regime. However, the authors have, again, looked at the issue from a practical point of view and considered issues such as voluntary notification and what is involved in the transition to the new regime.

Individuals' rights are also covered at length. Of special interest are case studies on situations where individuals have objected to having their personal data processed. Data controllers will also find useful a checklist on how to deal with such objections.

In addition, the book includes chapters on exemptions, enforcement and prosecutions, enforced subject access, transitional provisions, the Commissioner's powers, the Tribunal, and European co-operation.

Also discussed is the sectoral EU Telecommunications Data Protection Directive, which was implemented in the UK by the Telecommunications (Data Protection and Privacy) Regulations 1998 and 1999. The regulations, which came into force on 1st May 1999 and 1st March 2000, are explained in detail, as well as who they cover.

Data Protection Law & Practice is published by Sweet & Maxwell in hardback, ISBN 0 75200 6231. Price: £75.

Guide to the new Spanish Data Protection Law

The Guide, written in Spanish by two Spanish companies, Cuartecasas (a law firm) and ITEM Consultores (a consultancy) discusses the new law, which entered into force in January this year. Volume one explores issues such as data protection and direct marketing and protection of personal data on the Internet.

Volume two concentrates on other legal aspects that regulate electronic commerce, such as digital signatures and electronic contracts.

This useful information pack, published in May, was sponsored by UNO-e-bank (www.uno-e-.com)

The Guides (in Spanish) and a CD- rom are available from Cuatrecasas, Velasquez 63, Madrid 28001, Spain, Tel: +34 91 524 71 27, Fax: +34 91 524 77 06. The company will charge only delivery costs.

Evaluating compliance with the Hong Kong privacy law

The office of the Hong Kong Privacy Commissioner has produced guidance notes on self-assessment for evaluating compliance with the Hong Kong Privacy Ordinance. While the materials relate to the Hong Kong law, the pack provides an excellent example on how to audit compliance with any data protection law.

The intention is that Hong Kong organisations will audit their privacy practices with the help of this guidance on an on-going basis. As the guide and the checklists are easy to use, and the information is also available on CD-rom, the guide is likely to be used widely.

The pack, entitled Privacy.Safe, is available from the Office of the Hong Kong Privacy Commissioner, Tel: + 852 2877 7141, Fax: + 852 2877 7026, website: www.pco.org.hk Price: HK$150.