The Data Protection Acts are probably the most frequently broken laws in the UK and unfortunately, they are also the least enforced laws. It is probably true that the average person breaks the data protection laws several times each day.
It is a common misconception that the Data Protection Acts only apply to computers, but they actually apply to all data regardless of the format, whether on a computer, on paper, or just in your head. Yes, if you tell someone your friend's phone number without authorising it with them first, you may have just broken the law.
You are responsible for all of the information that you have. This means that you should not divulge information concerning other people or organisations without their consent. You must also take appropriate action to secure your data to ensure that their information cannot be obtained by malicious third parties.
This means that if you leave your unprotected laptop on a train like a sloppy civil servant, you may have broken the law. And if your computer gets a virus that steals data, you've probably broken the law. Viruses are completely avoidable (with education); in fact, the vast majority of viruses require you to explicitly activate them.
Computer security is a serious business which shouldn't be taken lightly. People often say that it's scary when you think about all of the security issues involving computers. But I think it's much more scary when you think of the number of people who are completely nonchalant about IT security. The vast majority of people show absolutely no knowledge or understanding of IT security and yet they may be in charge of large portions of other people's sensitive data.
There's also some data on your computer that you may not realise is your responsibility. Data that you might not have put there.
For example, when somebody sends you an email, that email contains their return address. You are now legally responsible for ensuring that nobody can get hold of that email address. You are responsible for ensuring that no viruses or malicious software can get onto your computer to steal that email address.
If you run an email newsletter or mailing list, you are responsible for securing all that data. Even after you discard your hardware. If you don't wipe it completely, you are responsible if somebody gets the data off it.
Scary, isn't it?
But I'm not saying all this to scare you, and I'm not saying it to threaten you. You are unlikely to ever be warned, let alone prosecuted under the Data Protection Acts even if you are blatantly flouting them. But IT security is important and I believe that it is something everybody should understand and consider in everything they do on a computer. I encourage everybody to learn enough about IT security to look after their assets. Computers are expensive and valuable, the data on them even more so. They need looking after.
And just to cover myself, I am not a lawyer and none of this constitutes legal advice. Just look after yourself and look after your data. Don't let it be your downfall.




