The second half of the 20th century saw a sea change in the way, businesses, organisations and the government operated. The use of computers, to store information about customers, clients and staff in databases, became ubiquitous. Names, addresses, contact information, employment history, medical conditions, convictions and credit history are stored are held and these databases are easily accessed, searched and edited. It also made it easier to share information with other organisations. With virtually every organisation using computers to store and process personal information there was an ever increasing worry that our personal information could be misused or find itself in the wrong hands. A number of concerns arose:Who could access this information? How accurate is the information? How accurate was the information? Could it be copied? Was it possible to store information about a person without the individual’s knowledge or permission? Was a record kept of any changes made to information?
These concerns led to the passing into law of the 1998 Data Protection Act which was designed to control the way information is handled and to give legal rights to people who have information stored about them, that is each and every one of us. The law supposedly ensures that, “everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is: used fairly and lawfully, used for limited, specifically stated purposes,used in a way that is adequate, relevant and not excessive, accurate,kept for no longer than is absolutely necessary, handled according to people’s data protection rights,kept safe and secure and not transferred outside the UK without adequate protection.There is stronger legal protection for more sensitive information, such as:ethnic background, political opinions, religious beliefs, health, sexual health and
Many don’t acre two hoots that this data about them is stored; they have the attitude that if you have done nothing wrong, then why would you worry if all these personal details are stored on a big computer somewhere. Others who feel strongly about personal privacy wonder if the Data Protection Act is effective at all. State agents collect, monitor and disseminate information about each of us on a scale that would have been unimaginable ten years ago.By its very nature, state surveillance is likely to impinge upon individual privacy. Again many see no problem and give their personal data away without concern or they may not even realise that they are giving away personal information. A paper by Liberty said, ‘…the passing of information to a company can literally result in the signing away of data protection rights through the giving of consent. It is unlikely that many customers will be aware of the extent to which they are allowing their information to be passed on through the use of a company’s services. For example, the following is taken from the terms and conditions for customers of Tesco’s online services; “Any information you provide to Tesco (“data”) will be put onto the Tesco database and processed by us for marketing purposes, market research, tracking of sales data, and in order to contact you or send you publications. Tesco may also disclose the data within its group of companies and to its professional advisers and agents
for the above purposes. By submitting your data to us you agree to our storage and use of the data.” The huge scope for private collection and dissemination of personal data can make data protection safeguards seem insufficient. Once consent has been given, whether or not it is informed, the processing of data becomes far simpler. In the Tesco example above, consent to wholesale data processing is a non-negotiable consequence of signing up to their online services.’
The Data Protection Act has thus not worked. It has not prevented myriad companies which are engaged in collecting personal data for resale across all industries and sectors. We all use large amounts of personal data for various online transactions deluding ourselves that information security techniques are protecting us from criminal elements. However, recent research has revealed that a number of financial services produce weekly reports, featuring your latest personal data, for resale. One organisation, operating in both USA and UK, is continuing to collect information from loyalty cards for resale and maintains that it will not disclose how it has obtained personal data. Anybody who is interested in personal privacy should surely steer clear of ‘ClubCards,’Facebook, Twitter but we should also think twice about our mobile phone and internet usage. As virtually the whole population engages in these activities, I think it is pretty clear that personal privacy is no longer possible.