Data Protection Act
And if you don’t comply?
If ‘data controllers’ can’t show compliance, they could be subject to financial or non-financial penalties. In the first instance, information and enforcement notices may be served with a specified time to take action. A warrant could be issued and a company may be asked to destroy certain information.
If a company fails to comply with an enforcement notice, a fine of up to ?5,000 could be imposed and, I repeat, this may be a Personnel Manager’s liability. Companies may also receive adverse publicity as a result of their failure to comply with the regulations.
The bottom line
Compensation for damage and distress may also be awarded to the data subject. At present, no precedent has been set for data subject claims so there is no ceiling to the amount that could be awarded. Watch this space for news of the first payment of five-figure damages to someone whose career or promotion prospects were adversely affected by their employer discovering, from unlawfully maintained data, that they had a string of County Court Judgments against them for non-payment of debt.
Further information about the Act can be obtained from The Office of the Data Protection Commissioner on 01625 545 700 or a complete copy of the Data Protection Act 1998 is available online at: www.hmso.gov.uk. If your company holds and processes a lot of personal data, you might need to seek the advice of a solicitor experienced in employment and contractual law.