Our PR people at ITPR contacted me this morning asking for a comment on a KPMG article about the Data Protection Act. Not really our area I thought to myself until I read the piece. Apparently public and private sector organisations that hold paper-based files will be in breach of the Data Protection Act (DPA) if they do not digitise their records by October.
When the DPA was introduced in 1998, files that already existed on paper and contained personal data were not affected by the compliance obligations, but in October that exemption will end and all information must be accessible within 40 days to a member of the public who requests it.
So what I hear you say! Well a few observations occurred to me:
Is there any public good being served by forcing organisations to digitise paper records that are at least 10 years old on the off chance that someone is going to request access to their “private data”?
Who is going to pay for all this work? Rhetorical question! Customers are.
I find it ironic that the Government may prosecute organisations for not having electronic copies of 10 year old paper data when they are positively discouraging organisations from using electronic expense management systems by prohibiting the electronic copying of paper receipts. It was this issue and its impact on [email protected] which was the original reason for ITPR asking my views.
Companies will incur considerable expense in order to comply with the act and my suspicion is that most organisations will opt to destroy or dispose of data instead. This can’t be good for the environment and may not be good for customer privacy unless the records are disposed of carefully.
Digitising paper records is one thing. Any fool with a scanner can do that. What’s important is to ensure that the data is stored in a logical, searchable, and secure format. If the process is not handled carefully then personal data could become less secure which I would guess is not what the authors of the act had in mind!”
More daft bureaucracy I’m afraid.