follow me on Twitter
    My Photo
    Location: Aberystwyth, Wales, United Kingdom

    I am the owner and managing director of Information Automation Limited (IAL), a company that specialises in research, consultancy and training for the information profession. We are particularly interested in all forms of electronic information resources (e-journals, e-books, etc) and I teach a course in electronic publishing at the Department of Information Studies in Aberystwyth. Drilling down still further(!), my interests centre on the quality and evaluation of electronic information, and in the thinking that underpins activities in library and information science.
    This is a Flickr badge showing public photos from chrisinwales. Make your own badge here.

    Monday, May 22, 2006

    Data protection: one rule for them, and one for us?

    If you live in the UK, you cannot really have escaped the news over the last couple of days about a government agency mistakenly branding about 3,000 citizens as criminals. See for example, the Independent article, today. On the basis that it is better to be safe than sorry and that 3,000 errors is only point naught-something percent error rate, the Home Office and the Criminal Records Bureau (CRB) feel that they have nothing to apologise about! The 'mismatches were "regrettable"' - but no apology - not to the public, and not even to the 3,000 people whose lives they have temporarily ruined.
    To clarify, the CRB sent out a letter to, for example, the prospective employer at the same time that they sent a copy to the individual concerned - so no chance to sort it out, the job had gone.
    And in the case of one person this happened about 12 months ago... and again more recently.
    Now if that had been me, in my office, with some database of contacts, I have no doubt but that the full weight of the Information Commissioner's Office would very properly have descended on me. Personal data is supposed not just to be accurate, but to be kept accurate (this is the fourth principle of data protection), which means that when you are informed of an error there is a duty to correct it. Data is also supposed to be "processed in accordance with the rights of the data subject".
    Of course, the Act makes exemptions for national security, crime and regulatory activity, as well as for disclosures required by law. But this is exactly the point: the data subject concerned were not criminals. There is a right to compensation under the Act - I wonder what that would amount to for being prevented work for 12 months?
    I'm sure it is possible to argue that the CRB is exempt, but a nice test case would be fun, wouldn't it?
    You'd think just a few personal apologies, wouldn't you? Even if they don't come right out and apologise to the nation.

    >>Technorati tags: ; ;

    >>IceRocket tags: ; ;


    Links to this post:

    Create a Link

    << Home