All the latest UK technology news, reviews and analysis
|
|
|
06 Mar 2009
Today's move by the Information Commissioner's Office (ICO) to punish a firm for breaching the Data Protection Act (DPA) could be the first of many similar cases as the organisation seeks to flex its muscles, experts have said.
The ICO raided a company called The Consulting Association, which had kept a secret database of personal information on over 3,000 UK construction workers.
The data protection watchdog said that it will prosecute the firm's boss under the DPA, and possibly go after the 40 construction companies that used the database as a covert vetting tool.
Matthew Tyler, director at consultancy firm Evolution Security Systems, warned that there will be "a raft of these cases" this year, as businesses continue to mishandle customer data.
"The way data is handled and managed in the UK is farcical, and has been for years because there has been no comeback," he said. "But if the fines go up and the directors face possible jail sentences, then they'll give it more focus."
Tom Ilube, chief executive of online identity firm Garlik, said that the announcement shows "the ICO flexing its muscles in a way we have not seen before", and that it should be a wake-up call to executives.
Ilube predicted a rise in sites specifically set up to provide similar illegal services to potential recruiters by trawling through the web for personal information.
Gartner analyst Thomas Otter argued that companies should be prepared for a hardening of the ICO's stance towards organisations that mishandle data.
"The ICO is becoming more vocal and more assertive and coming more into line with the rest of Europe in this regard," he said. "From an IT and HR point of view, organisations need to be more vigilant about data protection, because there are likely to be a number of prosecutions, and a growing public awareness of privacy issues."
Paula Barrett, a partner at law firm Eversheds, advised firms wanting to vet potential employees to treat this as a "cautionary tale".
She added that they must perform due diligence on any third parties they use to provide them with such information, and to include a "feedback loop" to the individual so that they are aware of what is going on.
"If in doubt, don't use it," said Barrett. "Make sure you have a contract for supply of the data, and check that it has provisions in it that give you assurances that the information has been collected in a manner which is compliant with the DPA, and that its transfer and use by you will also be compliant."
Latest stories from Management
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Title: Senior Web Developer / Engineer (HTML, JavaScript...
Job Title: Java Developer (J2SE / JEE) Salary: up to...
Job Title: Agile Test Manager Salary: up to 55k per...
Title: Java Developer Location: London Salary: 35-45k...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
how can I find out if my name is on the list held by the company
that illegally passed on personal details to construction companies. I have been interviewd by 1 of the companies named only for the role to be withdrawn- another of the named companies invited me for interview then withdrew the invitation 2 days before the interview was to take place.lack of funding was the reason given
Posted by: trugggg 11 Mar 2009