The Data Protection Act 1998 At A Glance

October the 23rd 2001, the date on which this Act became more or less full-blooded, is now past. Are you ready or are you still playing Data Protection roulette?

Although the Act is somewhat intricate in detail, it is a misconception that it is inherently difficult. The basic concepts are relatively uncomplicated and can be expressed in a simple diagram.

The Act is designed to protect the individual’s personal data from potential misuse, abuse, misrepresentation or unwarranted intrusion by those who process such data, whether in commerce or government.  The Act is an interaction of fundamental concepts of privacy, the need-to-know, confidentiality, and the protection of the individual’s rights and freedoms.

The diagram shows such interaction succinctly.

Consider the individual (called the Data Subject) who has expectations of privacy and fairness. He generates data about himself and his life continuously. 100% privacy would mean all this personal data is contained behind the privacy boundary (Green Area) and nothing can escape. The individual has total control of his data and thus total data security. Clearly such blanket privacy would not work.

For society to function, privacy must be invaded to some extent. Data users (Data Controllers) may then penetrate the privacy only to the extent dictated by their ‘need-to-know’ requirements for the agreed or otherwise legitimate purposes. The Act defines those legitimate purposes, and the attendant conditions of ‘fairness’ to the Data Subject.

All this user processing is done behind a boundary of security and confidentiality (Blue Area) so that the individual’s data is properly protected.

In addition, the individual now has rights over the usage of his own personal data, principally rights of access and accuracy, and rights against unauthorised uses (Red Area). This should in no way impede the responsible employer. Indeed the legislation actively protects the employer from data crimes such as the theft of a client list.

Be warned, however: data protection is not just a local IT departmental issue. Knowledge, training and compliance will need to permeate the whole organisation from top to bottom. Failure in this regard could lead to costly mistakes, potentially involving criminal and civil prosecutions against both the organisation and its senior officers.

Fortunately tools are at hand to make a molehill out of the Data Protection mountain.

Take the trouble to be properly informed!

© Copyright WY Milne Associates Ltd March 2001.  Licensed for unrestricted use by any registered user provided source is acknowledged.