New data storage deadline looms

KPMG warns records should be digitised by October

Paper records need to be digitised

Public and private sector organisations that hold large volumes of certain paper-based files may be at risk of breaching the Data Protection Act (DPA) if they do not expand the scope of their records management activities by October.

When the DPA was introduced in 1998, some files that already existed on paper and contained personal data were exempted from the strict compliance obligations. But in October that exemption will end and the full provisions of the DPA become applicable to implicated files.

A report published this week by business advisors KPMG says while the majority of large organisations have computer-based systems for the management of new data, many still have a legacy of paper-based information that may have been sheltered by the exemption.

'For a small organisation the deadline might not be a problem, but larger organisations such as a financial services firms with hundreds of thousands of implicated files may find it difficult to comply with the Act,' said Steve Kenny, privacy services leader for KPMG.

Under the DPA, members of the public have the right to ask a company who has access to their personal data, whether it is accurate, still retained, and if it is stored securely.

'Many organisations have not grasped the potential scale of this problem,' said Kenny. 'There would be a serious loss of reputation for a large company who was in breach of the Act.'

Businesses must also be careful if they decide to dispose of the data rather than archive it.

Last month the Information Commissioner's office named and shamed 11 banks that had carelessly discarded customers' paper-based records.

David Smith, deputy information commissioner said: 'It is unacceptable for banks and other organisations to carelessly discard their customers' information. If they do, they risk further action from the Information Commissioner but also risk losing the trust of their customers.'