I’ve just finished marking a set of student scripts from an Open University course which links IT and workplace practice. One question concerned the UK’s Data Protection Act, which has eight principles designed to ensure data processing is open, fair and not compromised.
So which organisation do we find flouting at least seven of the eight principles? The UK Government.
For some time in this country we’ve had a DNA database which is supposed to help the police catch offenders in sex cases. It contains DNA profiles not only from everyone convicted of such a crime, but from everyone accused – even if proven innocent. And the “data subjects” don’t have the option about whether to supply the data.
This Government beefed up the role of the Data Protection Registrar, calling it the Information Commissioner’s Office. It’s supposed to enforce compliance.
Now we find that same Government not only maintains data on this database which is not required for the purpose it is supposedly collected. It is also passing the data to commercial research companies and other unconnected bodies. For a purpose which may of itself be admirable, but which is quite clearly not that for which it was collected, and without any authorisation from the data subjects.
If I captured this as a case study for my students, they would have no trouble telling me what was wrong with this practice. Who are the IT practitioners (I won’t call them professionals) who allowed this gross violation of professional practice to happen, and didn’t blow the whistle when it was happening, and didn’t resign in protest?
• UK Data Protection Act: the eight Principles (Schedule 1 of the Act)
• Home Office allowing private companies access to the DNA Database (Liberal Democrat news release, 28 Jul 2008 )
• Information and communication technologies at work: Open University course T121