Data Act deadline looming

Many law firms are woefully ill-prepared to meet the October deadline for compliance with the Data Protection Act 1998, according to a leading expert in the field.Sheila Gaskill, a partner at City firm Masons, said she suspected a large number of firms were 'still scurrying around trying to get ready' for the compliance deadline of 24 October.

'Firms that specialise in IT and have a data protection department will probably be well prepared,' said Ms Gaskill, adding that there were probably 'only around four or five of those'.Ironically, professional organisations that have traditionally kept clients' records confidential - such as law firms and NHS trusts - are most at risk of breaching data protection law, according to Ms Gaskill.

'If firms keep data confidential, they tend to assume that they are automatically complying with the regulations,' she said.

'However, a duty of confidentiality is not enough in itself to comply with the Act.'Firms particularly at risk are those that are part of an international network.

'Unless they are being used in an obvious way, organisations are forbidden to share clients' details with other organisations without giving the clients a data protection notice beforehand,' said Ms Gaskill.

'This will obviously create problems with firms sharing clients' contact details with their international partner firms or seminar firms.'International firms also have to ensure that they have appropriate procedures in place for data protection outside the EU area, and eventually on a global scale.Ms Gaskill recommended that if they have not done so already, firms should appoint a data compliance representative whose job it is to monitor the use and quality of the data held about customers and employees and ensure the firm's various software systems are all compliant with the Act.

'This is vital, particularly for international firms,' said Ms Gaskill.Victoria MacCallum