While data protection laws help protect consumer privacy, two recent cases in the UK highlight the problems that may result if not enough guidance is given beforehand to those whose businesses it is to guard that information.

The examples are important for Bermuda to consider as it moves forward next year towards its own data protection act.

The most prominent case in which the UK's data protection laws featured is the Soham murder case, in which Ian Huntley was convicted last week of the murder of two ten-year-old girls. An investigation revealed that Huntley should never have been hired as a caretaker at the local school. A search of his past records revealed that he had previously been accused (at various times and by various women) of four cases involving under-age sex, one of indecent assault, three of rape and one of burglary. All the cases involved accusers in a different village. When Huntley applied for a job at the Soham school, the headmaster did a check on his background, which failed to turn up the previous suspicions about him.

One of the problems cited was the Data Protection Act. The Humberside police apparently misunderstood the Act and regularly purged their computer of cases that had never come to court. Now the UK's Home Secretary, David Blunkett, has launched an inquiry into the situation.

A second case involving the Data Protection Act involves British Gas, which seems to have taken a too strict interpretation of the law, resulting in the death of an elderly couple.

George Bates, 89, and his wife, Gertrude, 86, died in their ?500,000 house in southwest London in October. Six weeks earlier British Gas had cut off their heating and cooking gas supply because a ?140 bill had not been paid. Bates died of hypothermia, his wife of a heart attack.

During the coroner's examination British Gas claimed that the Data Protection Act prevented it from telling social services about elderly customers being disconnected. This has turned out to be a convenient excuse. The UK's Information Commissioner has said British Gas would not have broken the Data Protection Act if it had informed social services that it had cut off someone's heating supply during winter. The Act prevents the release of a customer's credit data.

Meanwhile, in the Soham murders case the Information Commissioner has dismissed claims by Humberside Police that the act had barred officers from maintaining a file on the sexual assault accusations against Huntley. From this one would conclude it was not the Act that was the problem, but a lack of communication about the implications of the Act, and in the case of British Gas a whole lack of humanity.

A third case should never have happened, I believe. This is the data protection case brought by the Swedish government against a church worker in Sweden and shows how heavy-handed the law can be.

Bodil Lindqvist was trapped by that law in 1998 when she set up Internet pages on her personal computer at home to enable parishioners preparing for confirmation to obtain easily the information they were likely to need. Where Lindqvist went wrong was in also posting information on 18 of her colleagues in the parish. She described their work and their hobbies in mildly humorous terms. In several cases their family circumstances, their telephone numbers and other information were given. She also mentioned that one of her colleagues had injured her foot and was working part-time on medical grounds.

The Swedish data protection commissioner fined her about 450 kroner for processing personal data by automatic means without notifying the Datainspektion (Swedish supervisory authority for the protection of electronically transmitted data) in writing, for transferring data to third countries without authorisation and for processing sensitive personal data (a foot injury and part time work on medical grounds).

Lindqvist appealed against that decision to the Swedish high court, which then asked the Court of Justice of the EC to rule on the matter. The court ruled that she had broken the EU's data protection laws. Poor Lindqvist. Obviously her colleagues were not amused and instead of dealing with it on a personal level (asking her to remove the information), decided to use a hammer to squash her.

---

If you receive this message, or something like it, do not answer it: “Dear Customer, Our latest security system will help you to avoid possible fraud actions and keep your investments in safety. Due to technical security update you have to reactivate your account. Click on the link below to login to your updated Visa account.”

The message is the latest scam designed to get you to part with your money. This one is particularly realistic and has ensnared quite a few people because it is so realistic. I received one yesterday. Clicking on the link seems to bring up the real Visa site, along with a pop up window. The pop up is the danger. It asks for your credit card number, expiry date and your pin number. Remember, Visa will never ask you to disclose your pin number. Trash the e-mail if you receive a similar one.