§ Mr. CohenTo ask the Secretary of State for the Home Department (1) if he will make a statement concerning the cost of implementing the proposed European Commission directive on data protection; and if he will place background material or submissions from data user organisations in the Library;
(2) if he will make a statement concerning the costs of implementing the Data Protection Act 1984.
§ Mr. Peter LloydA recent survey, involving returns on behalf of some 625 organisations in the United Kingdom, suggested that the cost of implementing the directive in its present form within those organisations could come to some £2.24 billion, with annual costs thereafter of some £308 million. The organisations represented in the survey were only a small proportion of all users of personal data in the United Kingdom, so the total United Kingdom costs could be very considerably higher. No figures are available of the total costs to data users of the current data protection legislation: the survey suggested that the current annual cost for the organisations represented is some £13 million.
I am placing the paper showing the results of the survey in the Library of the House.
§ Mr. CohenTo ask the Secretary of State for the Home Department (1) whether he has plans to amend the Data Protection Act 1984 to reduce the bureaucratic burden associated with registration; and if he will make a statement;
(2) what effect his initiative in relation to reducing the burden of bureaucracy will have on the operating of the Data Protection Act 1984; and if he will make a statement.
§ Mr. Peter LloydThe deregulation task force recommended that the data protection regime should be simplified. No action on this can usefully be taken, however, until the outcome of negotiations on the EC data protection directive is known. In its present form, the draft directive would impose additional burdens on data users, and the United Kingdom has been arguing for significant improvements to the text.
§ Mr. CohenTo ask the Secretary of State for the Home Department whether he will make a statement in relation to progress being made towards agreement on the proposed European Commission directive on data protection; and if he will outline the areas where there is still disagreement between member states.
692W
§ Mr. Peter LloydThe Council working party has now concluded its second reading of the revised text of the draft directive, and a report has been submitted to the Council of Ministers. It is not the practice during negotiations to disclose the extent of agreement or disagreement on any particular issue. Some progress has been made, but the range of views expressed continues to be very wide.
§ Mr. AllenTo ask the Secretary of State for the Home Department (1) if he will make a statement on the measures in force to prevent the disclosure of private information being gained by misrepresentation;
(2) for the Home Department what proposals he has in respect of the buying and selling of information that is being gained illegally from computer databases.
§ Mr. Peter LloydThe Data Protection Act 1984 requires users of computerised personal data to take appropriate security measures against unauthorised access to, or disclosure of, the data. In addition, it is an offence under the act knowingly or recklessly to disclose data otherwise than in accordance with the relevant entry in the register of data users held by the Data Protection Registrar.
There may, however, be a small lacuna in the law in respect of third parties who secure the disclosure of information by deception. For this reason, the Government intend to make it an offence to procure the disclosure of data in circumstances not covered by the register entry of the data user concerned. We believe the problem is best dealt with at the point where the data are obtained, rather than at the subsequent stage where use is made of them.