01 June 1999

A research study conducted among 200 medium and larger businesses showed widespread ignorance of the new data legislation that became law this month. The survey, conducted for GB Information Management, found that three quarters of the sample were unprepared for the requirements of the Data Protection Act 1998, which limits the way in which companies use consumer data for marketing purposes. Half the company directors interviewed were unaware that they are liable for the accuracy of their databases and subject to trial and possible imprisonment if a consumers successfully sues a business for misuse of their data. Many did not know that firms are now required to tell consumers that they are collecting data about them and the purposes for which it will be used [Debrief's italics]. Particularly vulnerable are businesses collecting data for loyalty programmes, where the information will be used over a period of time for differing marketing purposes. Among the new categories included in the Act is that of 'sensitive personal data' - for example racial and ethnic origin, political views, and details of mental and physical health - all of which require the explicit consent of the consumer before the data can be used. The study also discov-ered that 13% of companies had never checked the accuracy of addresses and phone numbers on their databases.

The Home Office has published the first six of the nineteen instruments to be made under the Data Protection Act 1998. Full information can be found on the Home Office website at