PRIVACY LAWS ARE FLAWED, SAYS COMMISSION
15 Aug, 2011
The Equality and Human Rights Commission is today (Aug 15th) publishing a report that shows current privacy law is failing to stop breaches of personal data privacy and is not keeping pace with the rapid growth in personal data collection.
In response to the research findings the Commission wants the government to bring in changes that will better protect personal information.
The report shows that the way government and its agencies collect, use and store personal data is deeply flawed. They may be unaware that they are breaking the law as the complexity of the legal framework means their obligations are unclear.
It also finds that it is difficult for people to know what information is held on them, by which government agency or private sector body, or how it is being used. For example, as there is currently no law regulating the use of CCTV cameras it would be very difficult for someone to find which organisations hold footage of them.
It can be hard to check the accuracy of personal data held, to hold anyone to account for errors in the data or its misuse and to challenge decisions made about someone on the basis of that information. Calling any public or private organisation to account is made more difficult because people often may not know what their rights are or know when a breach of those rights has occurred.
Breaches of privacy are likely to get worse in the future as demand for personal information increases and as new technology is developed for collecting, storing and sharing that data that are not covered by existing legislation or regulations. Piecemeal reform of relevant laws, such as the proposals in the Protection of Freedoms Bill, although welcome, may not be sufficient to ensure people’s rights are protected.
Multiple breaches of personal data privacy – including the amount of information and how it is collected, loss of data, data being passed between agencies without permission and the use of surveillance – underline the pressing need for the state and others to reform how information about people is collected, used and stored.
One example of a breach of information privacy came to light in November 2007 when the Government revealed that HM Revenue and Customs had lost a computer disc containing the child benefit records of more than 25 million people. Less than a month later, the Government then disclosed that a computer hard drive had also gone missing in the United States, this time with the personal details of some three million UK learner drivers.
In response to the report’s findings, the Commission is making three recommendations to government:
- streamline the current legislation on information privacy so that it is easier for organisations to understand their responsibilities and simpler for citizens to know and use their rights.
- ensure that public bodies and others have to properly justify why they need someone’s personal data and for what purpose. Any requirement to use personal data for any purpose other than for which it was collected should go through a vetting process. Organisations should ensure they comply with the current data protection and RIPA regimes, in addition to the Human Rights Act.
- all public bodies should carefully consider the impact on information privacy of any new policy or practice and ensure that all requests for personal data are justified and proportionate.
Geraldine Van Bueren, a Commissioner for the Equality and Human Rights Commission said:
“It’s important that the government and its agencies have the information they need about us to do their job, for example to fight crime, or protect our health. However, the state is holding increasing amounts of information about our lives without us knowing, being able to check that it’s accurate or being able to challenge this effectively.
“This needs to change so that any need for personal information has to be clearly justified by the organisation that wants it. The law and regulatory framework needs to be simplified and in the meantime public authorities need to check what data they have and that it complies with the existing laws.”