Businesses should not ‘hide behind’ Data Protection Act

The Information Commissioner’s Office (ICO) has this week urged organisations not to hide behind the Data Protection Act unnecessarily when dealing with individuals.

The ICO’s call comes as it continues to encounter incidents where data protection is wrongly used by organisations as a reason for refusing to give out any personal information or for preventing them from dealing with certain types of enquiries.

The most bizarre instance they cite is an incident involving a young lady who was refused service from a clothes shop after she requested a shop assistant to check if another store had her size in a bikini. The shop assistant refused – citing the Data Protection Act.

David Smith, Deputy Commissioner at the Information Commissioner’s Office, said:

“Using data protection as a reason to refuse to check if another store stocks a different size is not only absurd, but wrong. All too often we hear of cases where organisations have not properly thought through whether they can respond to enquiries from individuals. As in this case, the store has simply said no and used data protection as a duck out. The Data Protection Act does not impose a blanket ban on the release of personal information. What it does do is require a common sense approach. It should not be used as an excuse by those reluctant to take a balanced decision. The Act plays a very important role in protecting all our personal information and gives us all important rights.

“Recent high profile data breaches have reinforced the value of the Data Protection Act which requires organisations to keep personal information accurate, up to date and secure. Data protection makes good business sense so it is in their own best interests for organisations to make sure they understand and use the Act correctly.”