Stewart Room is a solicitor, non-practising barrister, an academic and a Data Protection Law specialist at Rowe Cohen Solicitors. He argues that corporate compliance with the Data Protection Act 1998 is not merely responsible business behaviour but an opportunity to respond to profound political and technological advances that have irreversibly changed - and will continue to change - our lives.
Information about us is collected electronically from the moment weíre born. The process continues, almost without interruption, until the day we die. In the course of our lifetime, literally millions of bits of information
about each of us will be recorded and stored electronically, somewhere, by someone.
Where we live, how we are educated, what work we do, how much tax we pay, what we spend our money on, where we shop, where we go, how much we borrow or accumulate and what social progress we make.
Multiply this process by the billions of individuals living in the developed parts of the planet and the result, in the decades to come, will be the accumulation of an unimaginably massive mountain of information.
Historians of the future will not find themselves researching a few surviving documents, as they have in the past. They will be battling through a fathomless deluge of data.
The data already recorded about each one of us is largely made up of financial, medical, education and employment information. But cast your mind forward a few years. It is already technically feasible to capture infinitely more complex information based on DNA and biological analysis,
for example, or our religious, social and political leanings. Altogether more explosive material. It is already technically possible to store absolutely unique genetic information that can be used to distinguish us,
incontrovertibly, from any other being on the planet.
These personal biological and social information banks can hold the most profound secrets about our race, the origin of our antecedents, our health, genetic abilities and abnormalities, mental and sexual inclinations - even the expected length of our lives.
Theoretically, in the future, it will be possible to catalogue every single member of the human species and capture and store monumental quantities of information about each one. It will be possible to analyse someoneís physical characteristics, intelligence, emotional traits and temperament; predict how long they will live; decide with virtual certainty what will cause them to die; and measure their pre-disposition to, say, chemical addictions.
This new íinformation ageí will be unlike any other experienced by humanity in its entire evolutionary history. There are innumerable possible benefits but many, many drawbacks.
Knowledge is power. In this new age of information saturation, it is already possible to circulate huge masses of data around the entire planet in milliseconds. While there are many influencers in the business community who tend to address the positive ramifications of this phenomenon, lawyers and legislators are worrying about the consequences in terms of our Human Rights.
Throughout modern history despotic rulers have used information as the first weapon of tyranny. As just one example, malevolent strangers knowing when and of what we are likely to die would be given a power over us that few would wish them to wield.
Would society choose to invest in the long and expensive training of doctors, lets say, who were likely to succumb to terminal illness in their thirties or forties?
Seen in this light The Data Protection Act 1998 is, in fact, the most recent of a number of laws created over the last fifty years or so at national and internationals level, which flow from the post-war Universal Declaration of Human Rights in 1948. Their purpose is to safeguard the rights of individuals living in a data-processing world who are in any way put at risk by the loss of their privacy.
Because there are a number of fundamental and quite complex issues involved, it is my contention that the leaders of business and industry have largely failed to grasp the full implications of this legislation. Most businesses have fulfilled the statutory requirement to register with The Information Commission but few have done much more that take the most tentative steps towards full compliance with the Act.
I strenuously recommend the numerous public and private bodies and organisations that I advise to view the legislation as a constructive, positive influence on their future strategy rather than just another poorly understood reel of íred tapeí to grudgingly comply with.
Big Brother is alive and well and stalking us all as never before. Our transactions, our movements through shops and the streets, our messages, our actions are under almost constant scrutiny. This legislation has been carefully designed to ensure that the interests and rights of innocent individuals are protected, in the workplace and elsewhere. The simple fact that we - and all our dealings - are being monitored, observed or scrutinised does not give the observer or employer automatic ownership of the right to the information so gleaned. Far from it.
The key principles within the legislation
Individuals gain broad protection under the DPA against the unnecessary recording, processing and retrieval of information concerning them, measured against such benchmarks as the quantity and accuracy of information stored, the purpose for which it was recorded and its relevance to whomsoever holds it.
There are a small number of carefully considered essential conditions that make information processing lawful that cover such things as the fulfilment of a contractual necessity, compliance with a legal obligation, serving a vital interest, the administration of justice and the exercising of statutory functions. The Act also raises the issue of whether or not consent was granted to whomsoever collected it.
In effect, this is an admission that there are some circumstances in which it is imperative to hold and retrieve data. Of course society has to keep information about such matters as an individualís previous criminal behaviour, epidemic communicable diseases, payment of taxes, entitlement to benefits, qualification for membership of the electorate or military training.
That said, the information revolution will impact on every business of every size in the immediately foreseeable future. I cannot emphasise too strongly that The Data Protection Act is neither the transient brainchild of some technophobic politician nor a trendy piece of social tinkering to be overturned by a later government. It reflects central, global concerns about the future we all face in the information age.
No one is going to come along and un-invent silicon chips, computers, webcams, the internet, mobile phones, communication satellites and electronic fund transfers. Body scans, electronic crime, fraud and internet pornography are not going away, today, tomorrow or ever. They have become immutable facts of life.
For once, the lawmakers are ahead of the game. Theyíve given us the means of regulating the kind of data that can be rightly or wrongly captured, stored and retrieved. It is a political, social and commercial imperative that this law is enforced.
The governors of every size and type of organisation must make it their business not simply to comply with the law but to embrace the ground rules of the information age that it sets out so clearly.
These rules will influence everyoneís future.
Rather than taking the narrow view that this law exists simply to protect the rights to privacy of individuals in the workplace, those in business with responsibility for strategic policy should accept this Act is a major social signpost.
It points to the future of business. All business, for all time.
For further information, please contact:
Stewart Room Rowe Cohen Solicitors 0207 332 2235
Rick Blears rick@rmspr.co.uk 0161 929 5194
Signposting the future of business
.