UK swamped by data rules

Business leaders are calling for talks with government on the growing legislative and regulatory requirements for managing data.

Companies face an increasing list of rules and regulations that impact the handling of information and though financial services firms are at the frontline, there are implications for all businesses.

The latest development is the updated Regulation of Investigatory Powers Act, sent to the House of Commons last week alongside proposals under the Anti-Terrorism, Crime and Security Act, that data such as telephone and email records should be held for 12 months.

There is no clear framework to explain exactly what companies must and must not do to comply with all the different laws, says Jeremy Beale, head of ebusiness at the Confederation of British Industry.

'There are a whole plethora of different things that have come up and that need to be looked at overall and brought together,' he said.

'The whole gamut of legislation, what government is doing and how business interacts, needs to be considered at a much higher level to help make the framework businesses have to deal with much simper, much more straightforward and much more effective.'

Confidence in ecommerce is being affected, says Beatrice Rogers, ebusiness programme manager at supplier trade body Intellect.

'We are supposed to be aiming for a target of being the best place in the world for ebusiness, but data retention laws foster a lack of trust. Both business and consumers are left not wanting to use services because they are not sure how their information is going to be used,' she said.

It is important to strike the right balance, says John Handby, chief executive of IT directors' forum CIO Connect.

'With different agencies and legislation cutting across each other and putting things in that conflict, overlap or contradict each other then it's not surprising that people on the receiving end have difficulties making sense of it,' he said.

'We need to develop the legislation and the statutory instruments to give good protection to the public but still allow clarity and reasonable usage of data on the part of business.'

Legislation and regulations that could affect your data

Data Protection Act 1998

Regulation of Investigatory Powers Act 2000

Computer Misuse Act 1990

Ecommerce Regulations 2002

Human Rights Act 1998

Copyright Patents and Designs Act 1988

Freedom of Information Act 2000

BS7799 certification

Anti-money laundering (Criminal Justice Act 1988, Drug Trafficking Act 1994, Terrorism Act 2000)

The Financial Services and Markets Act 2000

International Financial Reporting Standards

Financial Services Authority Operational Risk Systems and Controls guidelines

Information Commissioner's Code on Employer's Monitoring Practices

Basel II Accord

EU Directive on Privacy and Electronic Communications

EU Insurance Mediation Directive

EU Directive on Data Protection

US Sarbanes-Oxley Act

US Patriot Act

US Reduction in Distribution of Spam Act (proposed

Source: Tarlo Lyons and Computing