Data Protection: A practical guide to UK and EU law
by Peter Carey (Oxford University Press, 3rd ed. 2009): 576pp, £97 (pbk), ISBN 978 0 19 956354 8.
Reviewed by John Firth
'Personal data' comprise information relating to a living individual. We proofreaders and copy-editors rarely handle personal data in our professional work, and when we do, we are probably 'data processors' and do not need to register with the Information Commissioner's Officer (ICO). However, when carrying out various business development or office administration activities – which are likely if we manage projects and almost certain if we are employers – we might be 'data controllers' who do need to register.
Registration involves both an annual fee (currently £35) and a duty to keep the registration accurate and up to date. There are exemptions from registration for 'journalism, literature and art' and 'research, history and statistics', but these all have conditions, all of which must be met. Those not obliged to register must still comply with the data protection principles (contained in the Data Protection Act 1998), and (in most circumstances) disclose the personal data we hold if asked by the subject to do so.
A name and an email address are personal data, so bulk mailings, unsolicited (e.g. marketing) mailshots and (especially) sending a subject's data to a non-EU country are all potentially illegal. Collecting personal data via a website is also a tricky area.
Far from user-friendly
Data Protection has 234 pages of commentary, plus legislative texts. Although there is an index plus a detailed contents list, it's not easy to find what's relevant. First, as the author comments, 'the restrictions ... in the European Union are the toughest anywhere on the planet'; second, this is a reference book for lawyers, not a guide for business people; and third, the author doesn't appear to understand how much businesses vary.
The Information Commissioner's 'templates' of what is registrable for various types of business are helpful, but Peter Carey does little more than mention them. And although the ICO website is far from user-friendly, it is probably a better 'first port of call' for SfEP members concerned about this subject.