Law on Data Protection - PowerPoint Presentation Example

Introduction The ICO or the ‘Information Commissioner’s Office’ regulates the handling and usage of Personal data or information related to an individual, the ICO enforces policies of the Data Protection Act which is a “United Kingdom Act of Parliament” (Jussawalla, 1992). Many authors such as Steve Hedley believe that the DPA or the Data Protection Act is exceptionally complex (considering its magnitude) (Hedley, 2006). Even though the extent of DPA is quite wide, still the Information Commissioner’s Office is at some extent unable to save the Kingdom’s populace from unexpected data losses, as a matter of fact the largest data loss ever recorded in history which occurred on the inauspicious 21st of November 2007 was within the United Kingdom itself, and that too by the inappropriate management by government’s recruits themselves; within this data breach hefty information which encompassed the bank and employment details of more than 25 million Britons was lost. The data also included personal information about many renowned and wealthy personalities. (Hines, ONeill, & Blakely, 2007) Very soon after the data theft incident the Times reported another scandal where the missiles triggered by the ICO had missed by a continent as the report reveals that about 100 hacker websites were candidly selling off Bank details and secret PIN numbers (Mostrous & Kennedy, 2007). This report triggered off yet another tittle-tattle and directly questioned the ostensible “complexity” of the Data Protection Act. This report specifically focuses on the data protection policies for Banks and their Customers; this also includes avowals in various litigations such as the case of Bavarian Lager Co Ltd. v Commission of the European Communities. Data Protection Policies: Banks and Customers At the outset, it is to be declared that the Data Protection Act specifically focuses on the prevention of all sorts of data for living beings, may that be Bank details; personal info such as marital status, age, etc.; profession info; or last but not least secure data. Thus it is clear that the prime focus of Data Protection Act primarily places preference for the customer. As a matter of fact the Data Protection Act in the U.K. is known to be the most austere amongst similar laws in any other part of the world. A wide – ranging list of various policies under the Data Protection Act are as follows: (Information Commissioners Office, 1998) The Bank has specific permission from the customer to store the data. The customer shall be made aware of the purpose for data collection. The data shall be processed only if the data is essential to a specific contract between the Bank and the customer. The data shall also be processed if it is a Legal requirement. Also under circumstances where the data processing is important for general Public functions. Data processing is also essential in order to carry out the interest of third Parties. Data processing is also allowed under circumstances where it is necessary to defend the subject’s rights. Present Law’s Correlation with Needs Primarily the author would like to address some cases that help correct and create the Data Protection Policies. Cases discussed HEDLEY BYRNE v HELLER, 1963 (Hedley Byrne v. Heller & Partners Ltd. , 1963) The author would like to address this case because this created results that were the basic foundations of the data protection and information transfer procedures: The Basis of this case was negligence in clarifying the bank’s policies, this led to the outburst of the so called “red herring prospectus”… this has not actually been deemed as the founder of the red herring prospectus but the case results suggests it to be close. This also led to the results that declared that the Banks shall not earn hidden profits, and the results were based on general principles such as “BANK IS CUSTOMER’S AGENT” and “AGENT HAS DUTIES TO PRINCIPAL” GREAT WESTERN RAILWAY v LONDON & COUNTY BANKING (Brindle, Cox, & Coleman, 2004) This case was of specific interest to the author of this report as it clearly identifies the delineation of a “Customer”. The basis of the case was based on a railway worker that cashed his cheque from the bank every month without any account. The issue was whether he should be called a Customer or not. Based on the present epoch’s basic principles he shall not be deemed as a customer, which was exactly the result of the case. So the law is in favour of the bank under this case as only customers are entitled for legal protection according to the JOACHIMSON v SWISS BANK CORP (1921) case which is discussed further in this report. JOACHIMSON v SWISS BANK CORP. (1921) (N. Joachimson (A Firm Name) v. Swiss Bank Corporation., 1921) This was actually the basis of what we know now as the “Customer’s duties” towards a bank, and concludes with certain generally acceptable policies such as provide cheques only if the account has sufficient balance, pay the necessary duties, etc. Does the “Present” Policies Fulfil the requirements of Banks and Customers? The author realizes the difference between the era of the above cases and the present epoch. But the above cases are the basic foundation of the present data protection acts. Ultimately those cases were the founding stones of the present laws. Like the customers duties in the Swiss bank case which declared that the customer shall always keep his cheque book out of general and faulty reach so as to prevent identity theft. But in the present era where the computers have taken over most of the transactions of the banks and almost everybody in the United Kingdom have their details stored on a virtual space which is easily hack able considering the present circumstances where cyber crime is at its peak and even the most highest authorities are unable to block them from doing what they do. Is the customer really responsible for the loss of his identity? The next header clears it all… (Hines, ONeill, & Blakely, 2007) Cyber Crime vs. Data Protection Considering the very recent events that have led every one to believe that their data is not safe with the Banks in UK, these sort of cases may not only lead to a fiscal loss for the customer, but also identity loss which is by far the scariest experience to deal with when dealing with cyber crime. The ICO is doing its best to prevent such circumstances from occurring in the future, but still a lot of damaged has already been borne, and no one can guarantee that such circumstances will never occur again. It is sad that such compelling technological advancement would bear such shame with it along its controversial journey. But if the banks increase security parameters this could be avoided. The ICO officers have stated that there is no flaw with the Data Protection Act; the recent events were simply human errors. The meaning of data security now and before 4 decades is really very different, but as every general errand the basics are always the founding stones of a policy and thus the arguments in the above cases are as true today as they were some 60 – 70 years back. Data security is a prime concern and as you would not hand out a blank cheque to just about anyone, you would certainly not hand over your online banking password. Fairness towards Banks and Customers “Customer is the King”. This statement sounds even more factual in this distressed era of credit crisis. And thus the policies are mostly in favour of the customers, such as the policy regarding the permission for the usage of data (notification of the purpose). Although some of the characteristics also favour the banks, such as the no hidden costs which could undoubtedly prevent the banks against losing goodwill. But ultimately the weight age on the customer’s side is higher. One very important case in the history of Banking was the TOURNIER v NATIONAL PROVINCIAL AND UNION BANK OF ENGLAND (1924) case (Tournier v National Provincial and Union Bank of England , 1924), which broke some laws of the Data Protection Act. The banks argued that sometimes the secrecy of data must be compromised under several circumstances such as public welfare, Customer’s consent (whether express or implied), Bank’s interest, or Compulsion of Law. Although the “Bank’s interest” part attracted a lot of criticism for the Union Bank and this amendment has not been added in the current Data Protection act of the United Kingdom parliament. This is due to the laid - back fact that sometimes selling the data may also count as “bank’s interest”. But then in 1980 the case of BANKERS TRUST CO. v SHAPIRO (1980) (Sir Chalmers, Guest, & Mackenzie, 2005) turned in the favour of the customer when the old amendment in the name of The BANKERS BOOKS EVIDENCE ACT 1879 stood standing which stated that “IN ANY EVENT IT IS BEST TO GET THE CUSTOMERS EXPRESS AUTHORITY”. Conclusion Based on the author’s study about the various cases and stipulations, the major points of the acts in favour of the customer and the banks are as follows: In Favour of the Customer Under the situations where the data is lost due to the mismanagement of Bank or its employees, the Bank will be solely liable for the physical and emotional damages to the customer. This also includes any damage to the goodwill. The case of HEDLEY BYRNE v HELLER 1963 helped remove the so called “hidden costs”. Safety against Cyber Crimes strengthening. Banks will be required to teach the customers about all the “beware” policies. Banks can not use any data without the explicit consent from the customer. The customer’s secrecy shall not be compromised unless certain policies come into action. In Favour of the Banks Under several cases the banks can compromise the secrecy of the customers. This was due to the case of TOURNIER v NATIONAL PROVINCIAL AND UNION BANK OF ENGLAND (1924). Full support of the ICO against data theft cases. As a matter of fact, the banks usually blame the agency for any aftermaths to be clear of all charges, as seen in the recent 100 website event by The Times. Customer’s Duties Panel. GREAT WESTERN RAILWAY v LONDON & COUNTY BANKING states the clear definition of a customer, if the customer doesn’t fit within the definition, he will not have any legal benefits. Works Cited Brindle, M., Cox, R., & Coleman, R. (2004). Law of Bank Payments. Sweet & Maxwell. Hedley Byrne v. Heller & Partners Ltd. , E.R. 575 (1963). Hedley, S. (2006). The Law of Electronic Commerce and the Internet in the UK and Ireland . Routledge Cavendish. Hines, N., ONeill, S., & Blakely, R. (2007, November 21). Government under pressure over taxmans giant blunder. Times Online - Government under pressure over taxmans giant blunder , pp. 1 - 3. Information Commissioners Office. (1998, September 7). The Data Protection Act (DPA) 1998, data protection policy - ICO. Retrieved October 25, 2008, from The Data Protection Act: Your rights, responsibilities and obligations to data protection: http://www.ico.gov.uk/what_we_cover/data_protection.aspx Jussawalla, M. (1992). The Economics of Intellectual Property in a World Without Frontiers: A Study of Computer Software. Oxford: Greenwood Publishing Group. Mostrous, A., & Kennedy, D. (2007, December 03). Websites sell secret bank data and PINs. TIMES ONLINE: Websites sell secret bank data and PINs , p. 1. N. Joachimson (A Firm Name) v. Swiss Bank Corporation., [1921] 3 K.B. 110 (Court of Appeal Februrary 9, 10, 11, 1921). Sir Chalmers, M. D., Guest, A. G., & Mackenzie. (2005). Chalmers and Guest on Bills of Exchange, Cheques and Promissory Notes. Sweet & Maxwell. Tournier v National Provincial and Union Bank of England , [1924] 1KB 461 (CA) (Court of Appeal 1924). Read More