You are here: Home - News -

Ensuring you comply with the Data Protection Act

by:
  • 01/04/2000
  • 0
New and tougher legislation, the Data Protection Act 1998, came into force on 1 March. Those that ma...

New and tougher legislation, the Data Protection Act 1998, came into force on 1 March. Those that make a living in the mortgage industry should treat the new Act with respect, for it has far greater bite than the one it has replaced.

To begin with, any organisation that holds personal data about living individuals must comply with this new stringent regime. Compensation can be awarded against offending dataholders and offenders failing to comply with the Act may be jailed.

Understandably, there is a real incentive to get compliance right, particularly as consumer knowledge and confidence is on the increase. There can no longer be excuses for not toeing the line. Three of the major changes extending from the Act include:

l It will now be an offence to possess personal data without ‘notifying’ your particulars to the Data Protection Commissioner, unless you are already registered under the old rules. For the first time, lenders and brokers will be forced to answer specific questions about their data security procedures and demonstrate that their security measures are adequate.

l The Act covers computer-held data and any other personal data held in paper or manual form in a ‘structured filing system’. It is advisable to start checking your card indexes now.

l The Act stipulates that personal data cannot be transferred outside the European Union unless it can be shown that the recipient has a regime with sufficient data protection. Think about this if you do business abroad or operate a website.

Personal data must be processed fairly and lawfully and, unless it is within certain categories, with the consent of the relevant individual. Explicit consent is required for ‘sensitive data’ (for example, concerning religion, ethnic origin and political affiliations). Data must also be relevant, adequate for the purposes disclosed, must not be kept longer than is necessary and must be accurate and up to date.

The Act includes a regime for the ‘processing’ of personal data. This includes everything from acquiring and holding data, reviewing files and the subsequent disposal of information. The law states that ‘appropriate’ technical measures must be taken to prevent unauthorised or unlawful processing or disclosure of, or accidental loss or damage to, personal data.

Greater powers are rightly accorded to the consumer. For instance, individuals are entitled to see all the data held about them upon payment of a fee within 40 days of requesting it. This information must be corrected if it contains inaccuracies or has the potential to cause damage or distress. If the data is used to enable automated decision-making processes to operate, individuals are entitled to details of this and how it operates. This could be relevant to credit-scoring, investment management and various direct marketing tools.

Companies and organisations that use external data processors, such as payroll bureaux and bulk mailing services, must vet their data security practices and enter into written agreements requiring such processors to comply with the security requirements of the new Act. In addition, organisations must also know what data is held, where it is held and how accessible and accurate it is. Agreements must be put in place with external data processors. There should be a Data Protection Act compliance policy in place in all organisations (including any who think they do not hold personal data) which is known to all staff.

Meanwhile, any data that is held must be secure. In future, direct marketers must also seek customer permission from the individual concerned before they can use personal data for commercial purposes. The best advice the mortgage industry can take is to be safe, not sorry – and act now.

Tags

There are 0 Comment(s)

You may also be interested in

Business Skills

In this section, we offer short ‘how to’ guides on harder to crack areas of business. From social media, to regulation or niche product areas, we cover it all.

Profiles

Our journalists interview key industry entrepreneurs, strategists and commentators for day-to-day market insight and a strategic view of where the industry is heading. We offer lessons for success and explore the opportunities for your business

Success in Practice

Here, we share case studies fleshing out best practice to help you decide what could work for your business. Take a look at how others approached complex tasks like launching a new mortgage lender, advising on a new product area or deciding to specialise in another. Learn from others mistakes and triumphs.

Marketwatch

Each week, we ask top mortgage and property commentators with a unique perspective to examine a key news headline, market move or regulatory or political issue.

Poll

Vote in our weekly poll here. It’s your chance to tell us what you think and be heard on the top news stories of the week. Review our archive to find out what your industry really thinks and all our coverage of the results.

Top Comments

Be part of the conversation on Mortgage Solutions. We want to hear from you. We have a tool called Disqus to tell us which stories get the most comments each week. Every Friday, the team picks the most thoughtful or opinionated contributions from our readers to enjoy again. Don’t forget to share your favourite stories from the site on social media to keep the conversation going.
Read previous post:
Skipton ‘reluctantly’ moves to introduce charitable assignment

Skipton Building Society has become one of the final top 20 mutual societies to introduce a charitab...

Close