- Email: [email protected]
EU, USA make little progress with data protection
NEWS
DATA PROTECTION Companies warned of lack of preparation he Nation-wide Association of Information Destruction (NAID) is urging its members to help their clients prepare for the UK's new Data Protection Act (DPA). According to the results of a recent poll, almost 85% of companies are unaware of the fact that the 1998 DPA will have serious effects on their storage and utilization of information, held both on electronic media and manually.
T
The Act, which came into force last October, has not yet been fully ratified, but its consequences will begin to be felt from this Spring. The Act now includes manual files, total access to information and restricted transfer of data to foreign countries. The problem with the new Act is that not only does it restrict the way companies allocate and record information, giving the new data Protection Commissioner the right to order audits of information held, but it also makes directors and senior managers responsible for any breaches of the Act by their data processors.
John Mills of NAID explained, "The implications of the Act are vast. In terms of information destruction, vetting employees it vitally important, yet one of the new sections of the Act (Section 56) prohibits vetting personnel by certificate. For security companies this is a disaster ... the Act makes it essential to ensure that anything which is not required is securely destroyed. Unfortunately, NAID has received too many reports of confidential data found on rubbish tips or accessed by personnel who wish to make a name for themselves. The consequences for a data controller could now be a £5000 fine, a criminal record and a possible prison sentence. This brings to light the essential nature of having secure data destruction systems in place."
Forfurther information, contact John Mills, Nation Wide Association for Information Destruction (UK) on: +448706011080; E-mail: [email protected].
EU, USA make little progress with data protection ccording to a story in the Financial Times, the European Union and the United States have made little real progress in discussions to resolve a potentially devastating dispute over data protection. Reports reveal that there are still substantial hurdles to be overcome if agreement is to be reached before the EU-US summit to be held in June.
A
The EU and USA have been struggling to find a solution to the dispute over the EU's data protection directive since last summer, but failed to do so before October when the EU's data protection directive came into force. The directive empowers national EU data regulators to halt exports of personal data to countries which they judge do not have adequate protection arrangements. The US is
Computer Fraud & Security February 1999 3723/99/$20.00 © 1999 Elsevier Science Ltd. All rights reserved
rumoured to be one such country. The lack of concrete results therefore raised the prospect of a serious disruption to trade between the USA and EU countries. So far, EU member states have not threatened to disrupt transfers of information, but officials fear action could be taken imminently. The disagreements stem from the European suspicions that the US's decentralized approach to data protection - a mixture of law, regulation and self-regulation does not meet the standards of its new directive. The US has proposed a system of 'safe harbours' for companies that agree to adhere to a set of principles. Each organization subscribing to the safe harbour principles would be presumed to be providing adequate privacy protection.
3
DATA PROTECTION Companies warned of lack of preparation he Nation-wide Association of Information Destruction (NAID) is urging its members to help their clients prepare for the UK's new Data Protection Act (DPA). According to the results of a recent poll, almost 85% of companies are unaware of the fact that the 1998 DPA will have serious effects on their storage and utilization of information, held both on electronic media and manually.
T
The Act, which came into force last October, has not yet been fully ratified, but its consequences will begin to be felt from this Spring. The Act now includes manual files, total access to information and restricted transfer of data to foreign countries. The problem with the new Act is that not only does it restrict the way companies allocate and record information, giving the new data Protection Commissioner the right to order audits of information held, but it also makes directors and senior managers responsible for any breaches of the Act by their data processors.
John Mills of NAID explained, "The implications of the Act are vast. In terms of information destruction, vetting employees it vitally important, yet one of the new sections of the Act (Section 56) prohibits vetting personnel by certificate. For security companies this is a disaster ... the Act makes it essential to ensure that anything which is not required is securely destroyed. Unfortunately, NAID has received too many reports of confidential data found on rubbish tips or accessed by personnel who wish to make a name for themselves. The consequences for a data controller could now be a £5000 fine, a criminal record and a possible prison sentence. This brings to light the essential nature of having secure data destruction systems in place."
Forfurther information, contact John Mills, Nation Wide Association for Information Destruction (UK) on: +448706011080; E-mail: [email protected].
EU, USA make little progress with data protection ccording to a story in the Financial Times, the European Union and the United States have made little real progress in discussions to resolve a potentially devastating dispute over data protection. Reports reveal that there are still substantial hurdles to be overcome if agreement is to be reached before the EU-US summit to be held in June.
A
The EU and USA have been struggling to find a solution to the dispute over the EU's data protection directive since last summer, but failed to do so before October when the EU's data protection directive came into force. The directive empowers national EU data regulators to halt exports of personal data to countries which they judge do not have adequate protection arrangements. The US is
Computer Fraud & Security February 1999 3723/99/$20.00 © 1999 Elsevier Science Ltd. All rights reserved
rumoured to be one such country. The lack of concrete results therefore raised the prospect of a serious disruption to trade between the USA and EU countries. So far, EU member states have not threatened to disrupt transfers of information, but officials fear action could be taken imminently. The disagreements stem from the European suspicions that the US's decentralized approach to data protection - a mixture of law, regulation and self-regulation does not meet the standards of its new directive. The US has proposed a system of 'safe harbours' for companies that agree to adhere to a set of principles. Each organization subscribing to the safe harbour principles would be presumed to be providing adequate privacy protection.
3