Data protection ignorance could put UK firms in the dock

The majority of UK companies are unaware of new data protection legislation coming into force today.

The Data Protection Act, an update of the 1984 Act, will significantly strengthen the protection of individuals' data held by companies. It will also place costly duties on companies that process data.

A recent survey of UK blue-chip companies reveals that most are unaware of the implications of the new legal regulations which could see firms facing fines, imprisonment or closure if found in breach of the law.

The poll of senior managers at 50 UK companies by security companies Content Technologies and CenturyCom reveals that only 23 per cent are aware of the new legal requirements.

In addition, less than 15 per cent have heard of BS7799, the British Standard for information security which is supposed to help companies ensure compliance with the new laws. Only eight per cent of businesses have put security measures in place.

One of the responsibilities of the Data Protection Registrar (DPR) is to promote awareness of the Act and its regulations.

John Woulds, the Registar's director of operations, admitted that the DPR's own research shows "low consciousness of the Act", but said "raising awareness is a difficult".

"We do what we can through advertising and television campaigns, but it is expensive."

Woulds believes that a court case could halt complacency.

"In the past, a court case or prosecution in a particular sector has had a dramatic effect on increasing awareness," he said. "In one instance a pharmacist was prosecuted for holding information about clients with prescriptions and details of drugs used without registering. That was covered in a trade journal and thousands of pharmacists called us."

However, Woulds said prosecution is a last resort. "We try to encourage compliance through persuasion and negotiation, but if there is blatant disregard for provisions we will prosecute."

"Inevitably after 1 March there will be a few prosecutions," he added.

Email in particular could land companies in trouble. Chris Heslop, international marketing director at Content Technologies, said: "Companies need to carefully manage the flow of information. This includes implementing an email policy about the types of files and content that can or cannot be sent.

"Fines, imprisonment and closure are heavy prices to pay for not checking the destination of email traffic."