Privacy Advisor

Global Privacy Dispatches- UK- Data Security Law

March 1, 2008

By Stewart Room

Ministry of Justice to Consult on New Data Security Law


In January 2008, in response to the loss of the HMRC's data disks (November 2007), the House of Commons Justice Committee published a report titled "Protection of Private Data", which deals with the Information Commissioner's calls for criminal penalties to punish data security breaches. To recap, in December 2007 the Commissioner published a paper titled "the case for amending the Data Protection Act 1998", in which he proposed the introduction of a new criminal offence of failing to comply with the data protection principles. The Commissioner's proposal for the offence is:

   1. A data controller who, knowingly or recklessly, fails to discharge the duty imposed by section 4(4) is guilty of an offence where that failure results in a substantial risk that any person will suffer damage or distress.
   2. It is a defence for a data controller charged with an offence under subsection (1) to prove that he exercised all due diligence to comply with the section 4(4) duty.

On 28th January, at the party at the House of Commons to celebrate the launch of his new CCTV Code of Practice, the Information Commissioner revealed to the writer and others that the Ministry of Justice will be issuing a consultation paper on his proposals, either in February or March. Watch this space.

New CCTV Code of Practice


The Information Commissioner's new Code of Practice for the use of CCTV was launched on 28th January (see previous article). The "innovation" within this report is the Commissioner's opinion that audio tracks will breach privacy rights. The press release that announced the new code says:

"The code of practice describes the use of sound recording as 'highly intrusive' and warns organisations that recording people's conversations would only ever be justified in highly exceptional circumstances."

Whether this statement constitutes a correct statement of the law is open to doubt however. Furthermore, it is worth noting that Information Commissioner codes are not binding on the courts.

Financial Services Authority Announces Data Security Clampdown

The FSA is getting heavy with financial service institutions that fail to keep data safe. This is the message within the FSA's new annual business plan published in January. We also understand that in March the FSA will announce a new policy for data security.


Stewart Room is a Partner in the Privacy and Information Law Group at Field Fisher Waterhouse. He may be reached at stewart.room@ffw.com.