DPA hits 10-year milestone

Are the 10-year-old data protection laws still fit for purpose?

The Data Protection Act (DPA) 1998 today marks the ten-year anniversary, but increasingly data specialists are split on whether it still fit for purpose.

With the issue of data protection today receiving unparalleled attention, some commentators are suggesting that the rapid advances in technology have outpaced the legislation.

The amount of data being stored by enterprises today was inconceivable when the DPA received Royal assent on 16 june 1998, said Jamie Cowper, marketing director at security vendor, PGP Corporation. "I’d be surprised if nearly all companies aren’t in some way contravening the Act as it currently stands, whether they realise it or not."

Cowper called for a major overhaul of the legislation, arguing that it needed to be given "much sharper teeth", to persuade business leaders to abide by its principles.

But others believe that little change is needed, arguing that the broad principles of the Act provide a solid basis for navigating a complex issue in a fast-changing environment.

"[The DPA] doesn't need any major overhaul and can be seen as a good building block to move forward with," said Annabel Lyell, a solicitor with law firm Morgan Cole. "The fair and lawful processing of personal data is still a very useful concept."

Under the DPA's first principle, also known as the "fair and lawful processing" principle, individuals have the right to know who is collecting and storing information about them.