Eric Howe, the UK Data Protection Registrar, has published his annual report to Parliament, and made a number of recommendations to simplify and clarify the Data Protection Act of 1984. He suggests that registration should be simplified by restricting it to sensitive areas, which would ease the burden on small companies and cut the numbers required to register from 180,000 to around 50,000. He also wants to see all data users observe the Data Protection Principles, whether registered or not. Mr Howe revealed that the first enforcement notices have been served on companies that have not complied with the existing Principles. Three of the notices concern direct marketing, and the fourth was against the Halifax Building Society which failed to give information in response to an access request. The Registrar has also singled out what he considers to be significant issues in data protection. These include the Community Charge, the Football Spectators Bill, hacking and the law, and the use of third party information in credit assessment. The Community Charge issue is complicated by the recent situation in Trafford where the local authority illegally requested information on household relationships. That authority has erased the information from its computers, but still possesses it on paper. Trafford has made a written undertaking not to use this information, but other authorities have requested similar details and have implied that it is a statutory requirement. Mr Howe was unable to comment on the legality or advisability of witholding information from Community Charge Registration Officers, but acknowledged the apparent conflict between the legal obligations of Community Charge registration and Data Protection rights. However, the Registrar appears to have scored a winner on the football membership scheme. Recent legislation has stipulated that the Football Membership Authority and football clubs must comply with the eight data protection principles. This means that clubs must disclose why they are gathering information and how they will use it. This should prevent the sale of lists either to fund membership schemes, or for other purposes. The problem of computer hacking is more difficult to resolve. The Registrar has recommended that an offence barrier should be established when hacking could affect the health and safety of individuals. However, he also accepts that it is often committed by juveniles, and he is unwilling to turn children or teenagers into criminals. Third party information in credit assessment is a bone of contention between the Registrar and the credit industry. He believes that if the industry is not prepared to forego third party information in some circumstances, it will contravene the Data Protection Principles, and he is planning to take enforcement action if the credit agencies remain opposed to change.
