Businesses face a mass of data management legislation

Developing a framework has to be a mutual effort by business and government. The first thing we need to do is map out what is going on so can identify where the overlaps are, what needs to be done and who should have responsibility for what.

Frits Janssen, chief executive of the BuyIT Best Practice group

The major issues that our members are seeing is the lack of clarity of the overall policy that brings the regulations together and also which direction these regulations are going in the future.

Compliance to new regulations costs money, both in resources and investment, and organisations need to be assured that this cost is not going to be negated by the next change that comes along.

The direction and future policy for this is not being clarified to the institutions, making it more difficult and expensive for them to provide coherent and consistent services to their customers.

Their involvement in the development of these policies would be a major step forward in helping to provide the clarity and communication that is needed.

British Bankers Association

Banks are facing increasing demands for information and many are coming from outside the UK. Naturally, there is an impact on banks' systems because they're principally IT-driven due to the volume of data involved. The extent of the impact, and consequently the cost, will differ from bank to bank.

Tim Lambertstock, technology strategy manager for BACS

The impact on certain financial services companies is considerable. But while certain legislation, such as the Data Protection Act, does affect medium-sized companies like ourselves, it isn't as onerous to comply with as some of the other acts.

Beatrice Rogers, ebusiness programme manager at supplier trade body Intellect

What are the costs of data retention legislation to the UK? If the Regulation of Investigatory Powers Act goes through we will have a regime that asks for data retention but it won't extend past the UK so what's to stop people providing services from a remote location as a way of by-passing it?

John Handby, chief executive of IT directors forum CIO Connect

Responsibility for clarity lies with the government - we would be happy to line up senior CIOs to talk this through with them but I suspect there is not enough cohesion in government as a whole to make this happen at the moment.

James Walsh, parliamentary and European advisor, Institute of Directors

Well-intentioned legislation is proving over-burdensome and putting burden on people who frankly are not posing a risk. There needs to be a more regulated approach so business is encouraged to take a more risk-orientated approach rather than a blanket approach that imposes burdens on everyone even if they pose a negligible security risk.

Conservative eCommerce minister Michael Fabricant

We are approaching the Byzantine situation in Russia where one decree conflicts with another and industry does not know what it is supposed to do. We have a clear example of the left hand of government not knowing what the right hand is doing, demanding the provisions of the Data Protection Act are complied with and then asking data to be kept for possible use by government.

Liberal Democrat IT spokesman Richard Allan

The government is in a legal muddle because it is in a position of having different pieces of legislation conflicting with each other. If you are trying to apply all these pieces of legislation, whichever way you turn you face legal uncertainty and that is not a satisfactory position.

Labour MP Graham Allen

The government should get its act together and come forward with a more coherent policy for information which it expects the industry to adhere to. Ministers must make available more certain proposals to compensate internet service providers and other telecoms providers for the additional costs they face intercepting and storing traffic data.

Martha Bennett, vice president at Giga Informsation Group

Data retention laws also have implications in terms of data protection because companies need to be sure that they not mixing data that they're being told to keep.

Mark Watts, partner with law firm Bristows

There's always a tension between protecting security and preventing crime. It's a classic balancing act - it would be difficult to have effective security without total privacy.

Thomas Murphy, general counsel to the Automobile Association insurance business

Clearly you can't choose to ignore any of the legislation, but there are various ways you can comply and it's up the businesses to decide how they choose to do so.