Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

UK to develop data protection guidance in systems design [2000] PLBIRp 40; (2000) 55 Privacy Laws and Business International Report 13

UK to develop data protection guidance in systems design

THE UK DATA PROTECTION COMMISSIONER aims to help systems designers to meet their obligations under the data protection law. The Commissioner plans to offer guidance on incorporating data protection in technology by the end of the year.

The guide will encourage systems designers to become more aware of data protection issues, and provide practical advice on how to take the law's requirements into account. The Data Protection Commissioner, Elizabeth France, has invited anyone interested in undertaking this work to put forward their proposals. "We are looking for someone who can demonstrate the ability to produce a piece of work that will be seen as relevant, informed and practical value to systems design," she said.

The announcement coincided with the publication of her first annual report under the 1998 Act on 12th July. The report was, for the first time, published online, and was followed by an online question and answer session.

BUSY YEAR FOR LEGISLATIVE DEVELOPMENTS

The past year included not only the coming into force of the new Data Protection Act in March, but also a busy period on the Freedom of Information Bill, which was published in November 1999, and was at committee stage in the summer. The Data Protection Commissioner's office (ODPC) has started to prepare to take on the functions of the Information Commissioner.

Discussions have also started with the Scottish Executive, as there are proposals for a statutory freedom of information regime for devolved Scotland. The Scottish FOI regime would be enforced by the Scottish Information Commissioner.

The ODPC has also started to prepare to give advice on the Human Rights Act, which enters into force on 2nd October. All managers have been trained and training will be rolled out to all staff before October.

THE YEAR AHEAD

The ODPC is aware of the need for more guidance on the new Data Protection Act. While this is being prepared, the most common questions and answers to them have been posted on the Commissioner's website. During the year ahead, the office will complete the transition from the 1984 Act to the 1998 Act, and ensure that the necessary procures are in place.

The office plans to publish a Human Resources Code of Practice on the issue of processing personal data in employment sometime in the autumn (PL&B consultation on the topic, see p. 7). Within the same timescale, the ODPC will also finalise and publish an audit methodology manual, the first draft of which was written by Privacy Laws & Business. PL&B tested the methodology in five pilot exercises. The ODPC conducted its own test, and the manual has also been reviewed by Home Office auditors.

Raising awareness is a specific duty of the Commissioner under the new Act. A nationwide advertising campaign took place in August and September, and the ODPC plans to launch education packs soon for primary and secondary schools.

THE NEW NOTIFICATION SCHEME

Under the new Act, processing purely for staff administration and accounts, or to market organisations' own products and services may be exempt from notification. The office has published detailed guidance on the new notification regime. In addition to a Notification Handbook, a guide on self-assessment is also available. Changes from the old regime include annual payments, and setting up a direct debit.

The description to be provided about data processing that is required for notification can now be in general terms. Data controllers now have to provide a security statement together with their notification details.

It is important to note that compliance is no longer tied to notification - the Commissioner can enforce the law whether the organisation suspected of a data protection breach has notified or not.

The annual report can be seen at http://www.dataprotection.gov.uk. More information about the project on systems design can also been found on the website, or by telephoning the ODPC on + 44(0) 1625 545 700.