The relatively relaxed regime under the Data Protection Act is being augmented by more and more legislation setting out prescribed protections for data security. As well as the new ss. 77 and 144 of the Criminal Justice and Immigration Act 2008, which mean that sanctions for criminal offences under the DPA will now include potentially significant fines and jail sentences, there have been other interesting developments recently showing that the law-makers in the UK and EU are seeing this as an increasingly important issue.
Did you know that the new Companies Act 2006 places a direct obligation on company directors to ensure the confidentiality of data (not just personal data, but all forms of commercially sensitive information)? This is on top of the obligations to protect audit-related data under corporate governance legislation.
Also, calls are increasing for the EU’s amendments to the E-Privacy Directive to be expanded to include a data security breach notification for all organisations – we’ll have to wait until the summer to see if this is the case.
You have been warned!