Such protection as exists in the UK of one's personal information is provided by this Act of 1998, which was brought in following an EU Directive. It is aimed at giving protection to individuals regarding the processing by automatic means of personal data. As to whether the EU Directive has been fully complied with is apparently still under review.

In a country where the law of privacy is only just being developed and the individual is swamped by unsolicited mail and emails it could be asked what objective

this protection has in mind. However, it is the business which should be checking that it is complying with the Act, as practically every business in the UK holds information covering its customers, its suppliers and its employees and which is usually held on a computer. Any information which can identify an individual and that information relates to him or her and can affect his privacy is covered by the Act. Names, addresses, telephone numbers, dates of birth and even information which is not confidential can constitute personal information under the Act.

If this is the case the Act requires notification by a data controller within the business of a description of the personal data and the purposes for which it is required.As failure to notify is a criminal offence but notification is relatively cheap and straight forward for the smaller business, it is worthwhile for the business to consider protecting itself in taking this step. Notification is not online yet but the forms can be downloaded and there is a small annual fee on renewal, see http://www.ico.gov.uk/what_we_cover/data_protection/notification.aspx.