On the case - September 2008
Share and share alike?
The UK direct marketing industry is reeling from yet another sideswipe from privacy regulators. In a report which was meant to focus on how private and public bodies handle personal data the commercial sector has, once again, been made the fall guy.
In October 2007 the UK Government commissioned a review into the way that personal information is shared and protected in the public and private sector. Ironically, this was followed by a number of high profile data security breaches in Government departments which were very embarrassing for the public sector.
The review sought opinion on whether the UK Data Protection Act 1998 should change and whether the Information Commissioner’s powers were sufficient. In essence these are sensible questions to ask about a 10 year old piece of legislation covering a space which has seen significant technological advance.
The conclusions – with one exception – also make logical reading. The report says that data sharing should strike a balance between individual privacy and improved service delivery from both the public and private sector. There should also be an attempt to minimise the burdens on business.
The sting in the tail is recommendation 19 which suggests that the Government should prevent the sale of the UK voters roll to marketing companies: This is despite the fact that individuals have had the right of opt-out from the sale of their data at the time of registration since 2002 (a right that 60% of voters have chosen not to take up).
Now if you are reading this in the USA or indeed some more enlightened European Countries, you may be thinking, “So what’s the fuss, use another public data source”. But the electoral roll is the only reliable source of mass consumer data in the UK which comes from the public sector and has the advantage of being updated every year. Without this as a base, it will be very hard to keep consumer databases current and minimize wastage.
Business will now have to make representations to the Government. Doubtless they will focus on how difficult it will be for marketers to ensure compliance with Principle 4 of the Data Protection Act 1998 [“Personal information must be accurate and up-to-date.”] if the roll is removed. They will also make the point that the opt-out statement at collection is a transparent way of informing individuals about their rights.
But given most of the recent data security breaches have been by public bodies, it seems rough justice that the private sector may have to pay the price.
Other recent items: