By Heather Rowe
Publisher: Butterworths Tolley
Price: £40
If you have had the misfortune to wrestle with the UK’s 1998 Data Protection Act, you will not need reminding of its complexity. It is a lengthy and convoluted Act which requires both time and patience to fully explore its provisions – qualities which all lawyers would like more of.
If you would like to get to grips with the 1998 Act and do not have the spare week and set of cold towels necessary to tame it fully, you should be delighted that Butterworths has just brought out a ‘Practical Guide’ to the 1998 Act, particularly as it is written by a well-known and respected figure in the field – Heather Rowe.
Butterworth’s guide combines breadth and significant depth. It includes both a commentary on the 1984 Act, which the 1998 Act replaced, the 1995 Directive on which the 1998 Act is based, and a detailed summary of much of the secondary legislation implemented in order to give effect to it fully. In addition, telecoms specialists will find a particularly detailed chapter dedicated to the related subject of the Telecoms Data Protection Directive.
There are also separate chapters on employment, medical records, financial services and website-related issues.
In truth, that breadth and depth makes this less a practical guide and more a detailed summary of the legislation for the practitioner who is already familiar with the field. Anyone looking for a quick explanation of the key issues, or their practical import, will not find it here. For example, the data protection principles, which are perhaps the most important element to be grasped fully in any understanding of the Act, are not discussed until Chapter 11. Similarly, a data controller will not discover that there are exemptions from his obligations to notify under the 1998 Act, which exclude a large proportion of ordinary data controllers from the notification obligation, until page 307, 200 pages after the section on exemption from notification.
Those who spend a significant amount of time in the data protection field will not be surprised by either of those examples, as they reflect the structure of the Act itself, and the manner in which it has been implemented.
For them, this book also includes detailed sections on trans-border data flows, which summarise much of the history of the discussions between the Commission and the US up to the end of March 2000, telecommunications and personal data issues, and the only substantive case in the UK courts so far discussing the 1998 Act – the Source Informatics case.
There is also a useful bibliography of resources, and copies of the Act, together with much of the secondary legislation made
under it.
Frustratingly, though, particularly given the extensive discussion of the Telecoms Data Protection Directive in the text, there is no copy of the Directive or the Telecommunications Regulations implementing the Directive in the UK.
For anyone who needs to become familiar with the 1998 Act quickly, this book will prove an infinitely more palatable first port of call than the 1998 Act itself, albeit a detailed one. For those already familiar with the field, this will be an invaluable resource, combining as
it does both a significant amount of interpretative guidance on the 1998 Act and its subsidiary legislation, with copies of much of the legislation itself.
Richard Cumbley is a solicitor in the data
protection group at Ashurst Morris Crisp.
