Britain takes legal step to require businesses to protect personal data
The British government has announced it will update and strengthen data protection laws through a new Data Protection Bill, a welcome step in the digital era when the leakage of personal information has become a worrisome problem worldwide.
From Europe to Asia, and to America, almost every country, either developing or developed, has been haunted by such a problem.
Millions of Internet users’ personal information has been hacked, raising concerns about web security and triggering widespread panic.
The new bill, designed to sign European privacy rules into British law, as well as update the existing Data Protection Act which has remained unchanged in the island country since 1998, aims to give the British public greater control over personal data.
The new bill expands the definition of “personal data” to include IP addresses, Internet cookies and DNA.
Under the new measures, everyone responsible for using data has to follow even stricter rules called “data protection principles.”
They must make sure the information is used fairly and lawfully, for limited, specifically stated purposes and in a way that is adequate, relevant and not excessive.
At the same time, the personal information should be kept for no longer than is absolutely necessary.
In practice, the new requirement will be subject to some exemptions, but may cause a headache for businesses, some of whom may not have data stored in files or on analogue tapes, making it difficult to sort their data.
Worse still, there are many ways data can be put at risk – including software vulnerabilities, lost hard drives and CDs, malicious insiders and poor security.
These kinds of problems can only lead to infamous data breaches. Over the last two years, 22 such notorious cases were reported in Britain.
Even the US, the single superpower in today’s world, cannot be immune from these problems in protecting individual information when people are using big data to analyze how to offer better services to target consumers.
For instance, 198 million Americans’ personal information was accidentally released, according to reports from the US in June.
Undoubtedly, larger and more serious breaches lie ahead.
The new British Data Protection Bill is not expected to remove root causes of data leakage.
Many experts have already warned that businesses are totally unprepared for the new rules coming into force in Britain. Given the high fines for offens- es, companies may be stung before getting their houses in order.
Furthermore, some argued that the extent of the reforms are unclear – important personal data such as health records or data of scientific importance may be protected, but at this stage, it is unclear exactly what the exemption may be.
When a lot of questions are raised about web security, it is a desired development to use law as a weapon to keep personal information from being leaked.
In fact, the new measures mark only the first step forward. They will be tested in its implementation.
The authors are writers with the Xinhua News Agency. The article first appeared on Xinhua. opinion@ globaltimes. com. cn