Recent research conducted for the Information Commissioner’s Office reveals that 78 percent of small businesses are “unaware that they are required to keep customer information accurate and up to date”.
Frankly, their …
Recent research conducted for the Information Commissioner’s Office reveals that 78 percent of small businesses are “unaware that they are required to keep customer information accurate and up to date”.
Frankly, their ignorance is not surprising, when you consider how much documentation they have had to to plough through to understand what the Data Protection Act is all about. (Visit ico.gov.uk to see what I mean.)
Yet, as always, ignorance is no defence for non-compliance and, apart from exempt organisations, failure to register (cost £35) is a criminal offence which can result in a fine of up to £5,000.
Fortunately, the Commissioner’s Office has twigged that small businesses need help, so it has produced a brief guide to the subject for SMEs. Although helpful, it contains worrying caveats like, “This list does not include all the information that is covered by the Act. For a complete definition, please see our Legal Guidance document.”
This kind of thing, while backside-covering, does make life difficult for entrepreneurs who usually have other priorities for their time.
One thing that bugged me throughout the Guide, and the many Information Commissioner Office web pages that I visited, was the assumption that the reader is supposed to know what constitutes ‘personal information’.
The Guide itself only hints at the answer with, “Broadly … information that relates to living individuals which is held on computer. For example, this may include information such as name, address, date of birth … from which the individual can be identified.”
A more complete and helpful answer is in an eight-point questionnaire contained in a 22-page Acrobat document or as a web page.
At least if you start there, you’ll know whether the information you handle is subject to the Act and whether you even need to worry about all the other stuff.
I had a form in the post this morning for signing up to the Data Protection Act from a http://www.dparegistrations.org.uk which looked very official. It was when I saw that they wanted me to send £145(!) that I looked at their site and it looked so cheap that I googled their name straight away. The results that came back basically said not to send them any money.
Thanks for warning our readers, Phil. Greatly appreciated.
Scam artists have been leeching off decent business people for years. Here’s a list of the ones specialising in the Datra Protection Act in 2004.
I’m sure there are plenty more now.
You’ll be getting them for carbon trading soon, no doubt.