Revised Data Act looms

Too few companies are aware of the revised Data Protection Act which comes into force next month.

The Data Protection Act 1998, which comes into force on 1 March, updates the 1984 Act, placing costly new duties on companies that process data. The revisions strengthen the protection of data held by companies about individuals.

The Data Protection Registrar is concerned that awareness of the Act remains stubbornly low among users. Research carried out by the Registrar in April 1999 showed only 38 per cent of data users were aware of the new Act, with small companies the least knowledgeable. Awareness remains low, a spokesman said last week.

A Home Office study suggests that the total cost of compliance for both government and the private sector will be about £742 million a year, a figure the Registrar disputes.

Data already being processed before 24 October 1998 will not have to comply with the Act until October 2001, and data held in manual filing systems will not need to comply until 2007.

But the Act will also introduce tighter controls on employers' use of employee data, such as collecting data to monitor performance, including the interception of email and use of CCTV.

The Act gives individuals more power. Under the 1984 Act individuals were entitled only to a copy of data processed; under the new Act they are also entitled to a description of the purposes for which it is being processed, and a list of any potential recipients.

Individuals will also have the right to claim compensation for damage caused by any breach of the Act.