A spate of cases with fatal consequences last month, most notably the Soham murder trial, has prompted the Home Secretary to review the workings of the Data Protection Act 1998. George Howarth, the former Home Office minister who piloted the legislation through the House of Commons last year, said the rules should be operated with common sense and that it was "never intended that people should end up dying". He also revealed that David Blunkett had set up a review of particular aspects of the Act as a result of concerns raised by the Soham murder investigation.
Following the conviction of Ian Huntley over the murders of Jessica Chapman and Holly Wells, Humberside police were criticised for destroying vital information on the child killer. More recently, the legislation was blamed following a recent inquest into the deaths of George Bates and his wife Gertrude, both over 80 years of age. They were found dead at their home a matter of weeks after British Gas cut off their supply when they failed to pay their £140 bill.
Yesterday The Sun ran a report of a chemist who was beaten unconscious in his shop. He then did his own detective work and traced his attacker's name and address on his pharmacy's computer records. However, police apparently refused to take the details as they were in breach of the legislation.
"The police could clearly have taken that information completely lawfully and so there must be some other reason they didn't ask for it," commented Shelagh Gaskill, a data protection expert at Masons. "The case just goes to show that organisations need more training in the Data Protection Act." On many occasions businesses use the legislation "to hide their organisational administrative weaknesses", she added.
In the Soham case, Humberside police had dealt 10 times with Huntley, regarding allegations of rape, unlawful sex with underage girls and an indecent assault on a 12-year-old girl. Gaskill points to a code of practice whereby information was supposed to be wiped by the police unless it fell into a particular category, such as an allegation of a sexual offence.
Following Huntley's conviction, the Association of Chief Police Officers revealed that the Information Commission had previously taken "preliminary enforcement action" against two forces over the retention of conviction data, including offences of assault occasioning bodily harm. The association also expressed concern "that deletion of such data would significantly undermine the ability of the Criminal Records Bureau to help employers safeguard the interests of children in particular".
In the more recent British Gas case, the company told the inquest that 10 attempts were made to contact the couple before the supply was switched off. The company argued that since the introduction of the Data Protection Act, they were prevented from passing information to social services, as they were not allowed to disclose information on debt without the customer's consent.