Computer data watchdog 'ineffective and costly': Former senior official attacks agency after quitting post. Susan Watts reports

THE agency that checks for misuse of computerised personal information has failed the individual and placed costly demands on companies, says a computer expert who recently quit a senior post with the unit.

John Lamidey, launched a scathing attack on the approach adopted by the government-appointed organisation. Last month, he joined Infolink, one of four credit reference agencies forced to change their practices last year by the Office of the Data Protection Registrar over their use of personal data.

He is aware that some see him as a gamekeeper turned poacher, and that his criticisms come at a sensitive moment, with the annual report of the Data Protection Registrar, Eric Howe, due for publication today.

The report comes one week before the 10th anniversary of the Data Protection Act (1984), and will be the last from Mr Howe, who retires at the end of next month. Mr Lamidey was one of three staff that worked directly beneath Eric Howe, the Data Protection Registrar, and his deputy. His two colleagues dealt with data protection issues for the public sector, and Mr Lamidey handled the private sector.

He said the registrar's office is not accountable to anyone, and appears to choose its investigations at whim, or from issues the newspapers highlight. All too often these stem from what he calls the 'Frankenstein complex' - a fear of computers that has convinced a minority of people that the Big Brother state is reality. Issues such as HIV status on police records make good news stories, but are not concerns the public shares.

Eric Howe rejected this, and said yesterday that he had a clear policy of looking at individual complaints, and only then considering whether these raised wider concerns. Today's report would bear this out, he said.

Mr Lamidey set up the Data Protection Registrar's complaints department when he joined in 1986. It has since dealt with about 28,000 complaints. 'I have never come across any evidence to substantiate the view that there is a terrible misuse of computer data,' he said.

In some cases, an obsession with privacy issues was taken to unnecessary extremes, Mr Lamidey said. The agency complained that the police were checking lists of guests at hotels to be used for the political party conferences. It wanted guests to be informed of this, which Mr Lamidey said made a farce of a security operation.

He said the evidence suggested that people worried about mundane matters, such as 'junk' mail and credit ratings. 'These are usually niggling problems that can be sorted out easily with the person concerned. People want their plastic credit cards, yet this is the area that causes most complaints.'

Mr Howe was surprised at criticism over 'junk' mail, and pointed to last year's successful action against the Innovations catalogue, which prevented it from passing information to third parties without telling customers.

His other key criticism is the small number of companies registered as holders of information on computer under the Data Protection Act. In the public sector, this is around 180,000 companies. With around 3 million trading organisations in the UK, this represents a tiny fraction of those that should be included. Chasing up companies is given too low a priority. Organisations that store personal data can be prosecuted only for holding false or excessive amounts of information if they are registered. 'There ought to be more emphasis on getting people registered if these rights mean anything at all,' Mr Lamidey said.

(Photograph omitted)