Every time you attack the Data Protection Act, a fairy dies

According to comments reported in the Daily Mail (http://tinyurl.com/bqa5dpm), Baroness Deech says that a school should be able to tell a university that a prospective applicant’s mother is an alcoholic, and their father abandoned them, without fear that the parent or child be able to find out. The inability to share information so vital to the matriculation process, coupled with the drastic effect on job references that Deech is so exercised about she cannot actually cite any examples, is so damaging that were she to be made Prime Minister for the morning, abolishing the whole Data Protection Act would be her first task.
In the years I have been working on Data Protection, I have encountered some ludicrous views on the Act’s idiosyncrasies, so I cannot say for certain that the noble Baroness’ musings are the worst. I still have a soft spot for Tom Utley’s haunting account of his niece’s flute exam results not being accessible allegedly because of the machinations of the Data Protection Act. He was clearly so thunderstruck by the story he used it twice, first in the Daily Telegraph (http://tinyurl.com/dxte7kt) and later in the Daily Mail (http://tinyurl.com/cdw4tuo). I like the tale because its account of a daft teacher mistakenly using the DPA as an excuse not to give out the results, and then said results actually being obtained because a request was made under the DPA, is an advert for the legislation, not a condemnation. At worst, all Mr Utley’s story does is underline the vital need for good quality, pragmatic Data Protection training, if you know what I mean.
Anyway, Deech’s opinions are more troubling because she is not trying to fill a newspaper column, but is (ostensibly) a sensible and serious establishment figure with a seat in the House of Lords. In her fantasy PM moment, she would prevent social services clients from finding out what happened to them as children, stop individuals from correcting inaccuracies in their credit records, and ban patients from seeing their medical records. There would be no right to stop marketing, no ability to sue for damages for unfair or inaccurate uses of data. Your records would not need to be adequate or accurate. Security would be optional. And of course, the foundation of the DPA, the obligation on organisations to tell you what they’re doing with your data and why, that would be gone as well. All so that important people who know best can exchange their opinions without having to justify them. We’ve already had GPs bleating about having to hand over medical records without being able to charge insurance companies £97 for them (http://tinyurl.com/cu99nsy), and now the establishment wants to kill vital legislation so we can get back to the good old days when you could exchange information in secret. Because that never did anyone any harm, right?
It’s possible that Deech doesn’t know what else the DPA does, and in wishing to allow institutions to provide life-changing references without those affected (and other third parties) being able to assess fairness and accuracy, she doesn’t know what else she is wishing away. I doubt it – I’m sure her genuinely illustrious career in the law, academia and public service would have introduced her to its wider implications. And besides, Wikipedia claims (http://tinyurl.com/cyrhu6j) that her first cousin is the UK’s Blackbelt Openness Champ Maurice Frankel, so perhaps he might have given her a few pointers. But even on its own terms, her antipathy to transparency would shift power from individuals back to organisations, allowing them to say what they like about people with impunity. It’s an elitist and undemocratic approach – but I did mention that she is a member of the House of Lords.
When writing a reference, you have to be objective, fair, and accurate. If you have a valid opinion that the person might not like, you should include it and stand by it. If organisations really want to send or receive references written by people too spineless to justify their comments, they’ll end up with references written by people who might make them up to settle scores. Indeed, Deech’s proposal would facilitate that.
The Data Protection Act is often abused. Organisations routinely hide behind ‘Data Protection’ as a cover for poor or unhelpful customer service (for example, there are several ways to quickly and easily allow family members legitimate access to a relative’s account which DP does nothing to prevent). People who are confused, uncertain or indecisive about the use and sharing of personal information sometimes use Data Protection as a shield for their hesitancy. As we enter the festive season, head teachers up and down the land may tell parents that ‘Data Protection’ prevents them from filming their kids at Nativity Plays (parents are, in that context, absolutely exempt from the Data Protection Act under Section 36). But the Act is solid and sensible, and gives us rights and protections we need to protect us from the powerful, the arrogant and the lazy. We need a better explained, better regulated DPA, not an abolished one.
So I would like to add the first item to my Christmas list for Santa’s perusal. I would like Baroness Deech to get her wish, but only for herself. Like George Bailey’s journey to a Bedford Falls where he didn’t exist in ‘It’s A Wonderful Life’, I request that Santa lets the Baroness experience a world where the admittedly imperfect but nevertheless essential Data Protection Act simply doesn’t apply to her, and anyone can share any information about her, regardless of purpose, quality or relevance. People who don’t need to can read her personnel file or her medical records, and write references that she isn’t allowed to see, or even know about. She can’t correct inaccuracies, and her data is strewn around the streets on lost pen-drives and files left on the rooves of cars.
OK, we’re all apparently experiencing that last bit, but you get the idea.