-
- guardian.co.uk, Friday September 5 2008 15.30 BST
Time for a giggle. Time, too, for a little serious thinking about data protection.
The giggle turns up in a story today about a faulty birthday present. A seven-year old boy opens a package from his aunt to find within – oh, ecstasy! – a superman outfit. Then, catastrophe: the belt is missing. How can he be Superman without a superbelt to hold his superpants up?
So his mother phones Marks & Spencer, and here the farce begins. The helpline operator cannot speak to the boy's mum until the boy has answered some questions to identify himself. Not only that, he must also give consent for his mother to speak to M&S on his behalf.
A harried few minutes follow. Eventually all is sorted and, on being made aware of their boo-boo – which M&S put down to "human error" – the boy scores a Hulk outfit, by way of compensation.
But now for the seriousness. It is pleasantly ironic that the episode of the Superman outfit should take place in the very week chosen by the information commissioner to remind organisations not to hide behind (pdf) the Data Protection Act.
Over at the office of the information commissioner, they have a fair few cases where myth appears to have overtaken reality: priests informed they must not pray for the sick by name; a wife told she could not request an insurance claim form for her husband; parents blocked from learning their children's exam results. In every case, it turns out, because someone, somewhere wrongly believed the DPA made this so.
There is none so fanatic as the recent convert, and part of the problem lies in the gradual shift over the last few years (but accelerated, with every news story about our personal data going walkabout) from blase indifference, to intense back-covering. The financial penalties are mostly not too great, but organisations are beginning to wake up to the fact that the public don't like data mismanagement, and are reacting accordingly.
The worst offenders of all are local government, whose volte-face in this period means they are now about as paranoid as a paranoid thing can be.
Meanwhile, the last misconception – about children's data rights – springs from a much wider, more serious misapprehension on the part of officialdom. Following the Gillick ruling, which allows "children" to pick up aspects of parental responsibility as and when they are competent to do so, local authorities have tended to apply this across the board to young person's data.
My own first intimation of this was when my local library informed me that once my daughter reached the age of 12, I would no longer be able to inquire as to what books she had on her card.
Excuse me?
I argued then that this was wrong in law – and was much encouraged this week to discover none other than Professor Ross Anderson, Chairman of the Foundation for Information Policy Research, saying much the same (pdf).
Nonetheless, this view seems to permeate government at all levels, and it has serious consequences. It means that government believes that when it comes to children's data – systems such as the now-controversial ContactPoint database, for instance – they can finesse parental concerns about data protection and effectively remove parents from the loop by relying on the theory that control of personal data resides with the children. It doesn't. But you'll have a hard time convincing officials otherwise.
Over at M&S, their helpline operator didn't find the idea of quizzing a seven-year-old over data protection at all incredible. Apparently, he claimed, he'd done the same to a four-year-old some weeks previously. At least the government so far appears to be drawing the line at 12.
Staff
Contributor
You have characters left
Please read our community standards.
Closing this window without pressing "Post your comment" will result in your words being lost.
Are you sure?
Thank you for your comment. This has been submitted for moderation.
Your comment has been successfully posted.
Sorry, something has gone wrong and this action cannot be completed. Please try again later.