UK Seeks Input on Data Protection Law

Monday, July 19, 2010

Simon Heron

A88973e7d0943d295c99820ab9aeed27

The Government is right to ask for help in reviewing the Data Protection Act, which undoubtedly needs an overhaul. But is the best way to do this really to survey UK citizens on their views?

There may be some people who have in-depth knowledge of the ways that data can be used to carry out identify fraud, or compromise accounts, but surely a more sensible way to go would be to create a panel of experts who could come up with a workable review?

My concern is that, at a time when government has to be seen to be cutting down on quangos, there will be resistance to creating a DPA review panel. But asking the public what do to about the data protection – a complex technical issue about which the majority of informed citizens will probably have only a passing knowledge – seems a step too far in popularist government.

Of course, most people are going to say data protection is A Good Thing. No-one wants their child’s details to be lost or stolen (as we saw today by the ICO’s action against London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council).

But understandably, most people (unless they have a real interest in this area) won’t know the multiplicity of ways that data can be used to carry out identity theft, fraud or other criminal activity. If they did, the problem wouldn’t be as serious as it is.

Even people who should be really informed in this area have been caught out. We have seen Yahoo again compromised with Bob Dvorsky (a US senator). This is probably done in the same way as Sarah Palin’s account was compromised, weak password reset questions being just one way of exploiting people.

Let’s hope, then, that those citizens the government chooses to survey are those who are experts in this area, who know that workable solutions are not always straightforward; and even so-called experts don’t always get it right (the Digital Economy bill showed us that).

Cross-posted from Network-Box

Possibly Related Articles:
9586
General
Data Protection Act Government
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.