Data protection

Under the 1998 data protection act, it is compulsory to alert the information commissioner if you are holding key information about clients on a database.

The act requires every business that processes personal information (described under the act as a 'data controller') to notify the Information Commissioner's Office (ICO)

However, the ICO reported that fewer than half the accounting firms they have knowledge of has advised them whether they were storing clients' personal information on their computer systems.

The ICO ran a successful campaign against the law profession for its low rate of compliance; several solicitors were prosecuted. This could happen to accountants too.

CIMA members in practice should note that the act applies to non-auditors as well as to auditors.