Today's move by the Information Commissioner's Office (ICO) to punish a firm for breaching the Data Protection Act (DPA) could be the first of many similar cases as the organisation seeks to flex its muscles, experts have said.

The ICO raided a company called The Consulting Association, which had kept a secret database of personal information on over 3,000 UK construction workers.

The data protection watchdog said that it will prosecute the firm's boss under the DPA, and possibly go after the 40 construction companies that used the database as a covert vetting tool.

Matthew Tyler, director at consultancy firm Evolution Security Systems, warned that there will be "a raft of these cases" this year, as businesses continue to mishandle customer data.

"The way data is handled and managed in the UK is farcical, and has been for years because there has been no comeback," he said. "But if the fines go up and the directors face possible jail sentences, then they'll give it more focus."

Tom Ilube, chief executive of online identity firm Garlik, said that the announcement shows "the ICO flexing its muscles in a way we have not seen before", and that it should be a wake-up call to executives.

Ilube predicted a rise in sites specifically set up to provide similar illegal services to potential recruiters by trawling through the web for personal information.

Gartner analyst Thomas Otter argued that companies should be prepared for a hardening of the ICO's stance towards organisations that mishandle data.

"The ICO is becoming more vocal and more assertive and coming more into line with the rest of Europe in this regard," he said. "From an IT and HR point of view, organisations need to be more vigilant about data protection, because there are likely to be a number of prosecutions, and a growing public awareness of privacy issues."

Paula Barrett, a partner at law firm Eversheds, advised firms wanting to vet potential employees to treat this as a "cautionary tale".

She added that they must perform due diligence on any third parties they use to provide them with such information, and to include a "feedback loop" to the individual so that they are aware of what is going on.

"If in doubt, don't use it," said Barrett. "Make sure you have a contract for supply of the data, and check that it has provisions in it that give you assurances that the information has been collected in a manner which is compliant with the DPA, and that its transfer and use by you will also be compliant."

Permalink  Comments  Forward  Print
digg   del.icio.us   reddit!

related content
Database
Privacy & Data
BulletICO uncovers secret construction worker database
Builder blacklist in clear violation of Data Protection Act  06 Mar 2009
Convention on Modern Liberty
Privacy & Data
BulletInformation Commissioner to increase technology staff
Privacy watchdog will hire more computer experts "when budgets allow"  04 Mar 2009
Data security
Privacy & Data
BulletICO raps health trust over stolen laptops
NHS still not handling patient information securely, says data watchdog  06 Feb 2009
Data security
Enterprise Security Technology
BulletICO launches Personal Information Promise
New data handling initiative launched to coincide with European Data Protection Day  28 Jan 2009
Data protection
Privacy & Data
BulletICO kicks off privacy notice consultation
Watchdog calls for public and private participation  13 Jan 2009
Building under construction
Enterprise Security Technology
BulletGuilty verdict in construction worker database case
Information Commissioner refers breach of Data Protection Act to Crown Court for sterner punishment  28 May 2009
Gavel
Privacy & Data
BulletCBI baulks at ICO's proposed new powers
Potential amendment to Coroners and Justice Bill is unjustified, says CBI  09 Jul 2009
Gavel
Privacy & Data
BulletGoogle and Pirate Bay share Thursday good news
ICO confirms Street View does not breach privacy act, while Pirate Bay lawyer calls for retrial  23 Apr 2009
image of ICO christopher graham
Internet Privacy & Data Protection
BulletICO to fine companies for DPA breaches
Offending organisations could be fined up to £500,000 for breaching Data Protection Act  12 Jan 2010
Christopher Graham
Privacy & Data
BulletICO investigating mobile firm over data leaks
Information Commissioner reveals details of widespread abuse by staff  17 Nov 2009
latest news
High speed train
Transport
BulletGovernment signals High Speed rail intent
Long-awaited proposals for new 250mph network released  11 Mar 2010
Co-op plastic bag
Recycling/Disposal
BulletResearch casts doubt over green credentials of "degradable" plastics
Co-op vows to stop using oxo-degradable plastics as controversial research claims they have no environmental advantage over conventional plastics  11 Mar 2010
Steel
Investment
BulletOxsensis' prospects heat up following cash injection
Developer of ultra-high temperature sensors secures £3m in latest funding round  11 Mar 2010
Click here for more More news
latest in-depth
Offshore wind farm
Comment
BulletWhy Europe needs an electricity Supergrid
Christian Kjaer, chief executive of the European Wind Energy Association, argues that a supergrid is essential to EU efforts to cut carbon emissions  11 Mar 2010
TV
Comment
BulletTune in, turn on, cop out?
With the World Cup expected to provide a sales boost for television manufacturers, Hannah Hislop of the Green Alliance warns poor energy labelling will make it difficult for football fans to pick the greenest models  10 Mar 2010
Trewin Restorick
Comment
BulletRaymond Blanc ou Raymond Vert
Trewin Restorick wonders if the new Sustainable Restaurant Association can help green our cuisine  09 Mar 2010
Click here for more More in-depth
what do you think?
Click here for more Post your comment
Click here for more Send an email to the Business Green editor at feedback@businessgreen.com
Reader comments for this story
Post your comment Post your comment   What is this?