EC gives UK two months to up data protection laws
Contributed by Roumiana Deltcheva
(Monday, 28 June 2010)
Category: Email security
On Thursday, the European Commission told the UK it must strengthen its laws for data protection to comply with the Union's Data Protection Directive. According to Computing.co.uk, the UK now has two months to improve its security to meet these regulations.
In asking the UK to up its data protection, the EC cited several issues the UK currently has regarding the Information Commissioner's Office's abilities. First, the ICO is not currently allowed to look at data protection in third countries to determine if it is sufficient. Computing.co.uk notes many third countries typically host data before transferring it to its final destination. The EC feels the ICO needs to ensure the protection before any international transfers take place.
Second, the ICO is currently unable to conduct random checks on those processing personal data, nor is it able to enforce penalties if it finds the protection to be noncompliant with regulations. The EC is in favor of the ICO having the power to do both. Lastly, UK courts currently have the ability to refuse the right of having personal data rectified or erased. In addition, the right to compensation for moral damage if personal information is compromised is restricted in UK courts. The EC feels the courts' ability to refuse rectification or erasure should be removed entirely, while the restrictions on the right to compensation should be lifted.
While the European Commission believes strengthening the ICO's powers will in turn increase data protection, some industry members see the request as a hindrance.
"It seems that the EC is calling for a greater overview of international data exports and mandatory private sector data audits," said Phil Lee, a data privacy specialist for law firm Osborne Clarke. "This would radically alter the traditionally held view that the UK has a business-friendly privacy regime." Lee added "the move could usher in a new era of regulatory oversight at a significant cost to business," Computing.co.uk relays.
Attention to data protection in the U.S. has also seen a recent increase. President Barack Obama's administration has mandated healthcare organizations convert to digital patient records and management systems. This move is meant to increase efficiency and ensure data-leak prevention for these organizations, while remaining compliant with regulations set forth by the Health Insurance Portability and Accountability Act. 