Data Protection Rules
The murder finding in the Soham murder case led to publicity on the laws protecting personal data. The Data Protection Act 1998 is notoriously difficult to interpret. Police forces around the country had different views on its rules. It requires that people’s personal data should not be held for longer than is necessary. Important records had been destroyed apparently on these grounds under the Act.
Tony Forster, a partner in our Company Commercial Department, says “Always take advice about retention periods for records. Keeping records too long could breach data law, but also keeping them for too short a period may result in breach of other legal obligations. There have been lots of developments in this area. A new code of practice on medical records and data protection for employers has been issued in draft form and on 11th December the new rules on email marketing and use of “cookies” and location or tracking devices came into force. Two companies have already fallen foul of email marketing rules.
Finally and perhaps most important of all the Court of Appeal has now looked at what kind of data is caught by the Act in the first place.
The case concerned a Mr Michael Durant who wanted access to personal information held by the Financial Services Authority. The FSA had refused and he sued. The Court held that the information was not personal data so the Act did not apply. Just because the data mentioned him did not bring it within the Act. This will be good news for many businesses grappling with the DPA.”
For further information contact Tony Forster on (0117) 929 0451 or e-mail tforster@metcalfes.co.uk
This press release summarises the law on issues which we believe may be of interest to your business. It is not a comprehensive review of the subjects and accordingly is published without responsibility for loss occasioned to any person(s) acting or refraining from action as a result of information published