January 2013 | Legal Focus | Data Protection Compliance UK
Data protection issues graced the news pages again recently, with Prudential being fined £50,000 for seriously breaching the Data Protection Act by mixing up two customers with the same name and date of birth, resulting in tens of thousands of pounds of retirement funds ending up in the wrong account. The error, which took several years to rectify, highlights how easily problems can still arise around data protection, and that it is an area that can never be neglected. To find out more, Lawyer Monthly speaks to Bridget Treacy, Managing Partner of Hunton & Williams’ London office and head of the UK Privacy and Information Management practice. Bridget’s practice focuses on all aspects of privacy and information governance for multinational companies, including big data and analytics, cloud computing, cross-border data transfers, behavioural targeting and data breach.
According to reports, the ICO received more public complaints about the financial sector for the way their information was handled than about any other sector. What are your opinions on this?
Information is an increasingly valuable asset for businesses across all sectors, yet there are significant legal restrictions when it comes to dealing with data that is deemed “personal”. With individuals becoming increasingly aware of their own privacy rights, the ICO has an important role to play. The reportedly high number of complaints about the financial sector is likely to be linked to unsolicited spam texts or emails relating to accident claims and payment protection insurance. The ICO has made it easier for individuals to complain about such abuses by including a complaints form on its website. Just this month, a marketing company which sent some 840,000 illegal SMS text messages a day received monetary penalties totalling £440,000.
How do you think companies can guard against a repeat of the problem Prudential encountered recently?
This was, notably, the first monetary penalty under the DPA that did not relate to a data loss, a reminder that data protection is not just about data security. In the EU, for example, organisations are also required to satisfy a range of other data obligations including stipulations to process data fairly and lawfully, for limited purposes, and to ensure data are not retained unnecessarily.
With this in mind, organisations must adopt a structured approach to ensure they know what personal data they hold, what they are permitted to do with it, and that the data are processed in accordance with the other requirements of the DPA.
Are current data protection regulations simple to comply with, or are there multiple complexities?
There are always complexities, particularly when it comes to accommodating the requirements of multiple jurisdictions. That said, organisations can simplify such challenges by adopting a holistic approach to data protection, knowing what data they collect and how they process it, and employing a structured approach to privacy risk assessment. This also allows organisations to utilise data for a wider range of commercial activities.
What are the main complexities?
Reconciling rapidly evolving technology and data processing activities with the constraints of existing law, which is somewhat out of date, is challenging. For example, organisations increasingly wish to utilise cloud-based technologies, yet EU restrictions on the cross-border transfer of data from Europe, and the need to create a chain of responsibility that identifies those organisations that play a role in processing personal data, can create near insurmountable difficulties.
Other routine complexities include the need to satisfy a legal basis for the data processing activity in the first place (personal data may only be processed in reliance on a valid legal basis, which may include consent); the need to ensure that staff are aware of data protection issues and understand how their actions can enhance or endanger data assets; and the need to simply be aware of the extent of their data assets, and of how to utilise or safeguard them.
Has the number of data protection-related challenges risen considerably as the growth of technology becomes more and more rapid?
Yes. As organisations seek to learn ever more about their customers and enable very targeted service provision, data processing has become much more sophisticated. However, such data strategies must be implemented in the right way. Every organisation should undertake a structured privacy impact assessment, likely to become mandatory under the new EU data protection regulation, before using personal data in new ways.
Is there anything else you would like to add?
Data is frequently described as the “new currency”, the “new oil” or the “crown jewels” of modern business. Given its inherent value, organisations must ensure that personal data assets are managed in a legally compliant way. Failure to do so may result in regulatory enforcement, reputational harm or lost opportunities.
Visit Hunton & Williams’ privacy blog at www.huntonprivacyblog.com, and our EU data protection regulation tracker at www.huntonregulationtracker.com.
Contact details:
Bridget Treacy, Partner
Hunton & Williams, 30 St Mary Axe, London EC3A 8EP
Phone: +44 (0)20 7220 5731
Fax: +44 (0)20 7220 5772
Email: btreacy@hunton.com
Website: www.hunton.com