The UK's stringent data protection laws went into force
yesterday - but less than one-quarter of UK companies have even heard
of them.
A survey by security companies Content Technologies and
CenturyCom found that on the eve of enforcement, only eight per cent of
UK blue-chip firms had made the necessary preparations.
From now on, under the terms of the 1998 Data Protection
Act, it is an offence for companies to distribute personal details of
their employees or staff outside the EU, without explicit written consent.
The laws are intended to protect personal data against sale to third parties,
but they pose problems for companies with a multi-national payroll.
Chris Heslop, marketing director at Content Technologies,
said: "There's very little awareness of how electronic information is
moved around in an organisation, particularly email which is both spontaneous
and permanent. Companies need to establish content policies that can be
enforced, to monitor the flow of information in and out of a company,"
he commented.
The laws bring UK companies into line with an EU data protection
directive. They particularly affect European companies trading with the
US, where infringement of personal data is not a criminal offence.
The UK Data Protection Registrar will only enforce the new
laws following specific consumer complaints, so businesses still have
time to set up an all-encompassing content policy.
Anna Lagerkvist
|