What the ICO needs to do for freelancers
Are you a sole trader, working freelance and handling personal data? Have you registered with the ICO under the Data Protection Act? With over 3 million estimated sole traders and the ICO only having a few hundred thousand registrations, it’s unlikely.
Many creative freelancers don’t feel they have to, they’re not processing a person’s medical records or tax returns so surely it doesn’t apply to them. Truth is, personal data is anything from a captioned picture to an invoice and if you’re not complying you could be in for a nasty shock.
The law applies to everyone from the police or a multinational to a single freelancer, but the ICO doesn’t make much of a distinction between them. One freelance photographer got a £1,000 fine for not realising the act applied to him and there are no doubt many others out there who’ve had the same.
There’s an exemption under the act applying to journalistic, literary or artistic material so it’s likely almost all of the material collected on the editorial/creative side of being a freelance photographer, journalist etc would be exempt from the provisions of disclosure (although not so for the business side). This doesn’t stop you needing to register though, and the penalties can be potentially severe if you forget with it being a criminal offence.
But in order to actually get freelancers on side and complying more with Data Protection law, the ICO urgently needs to make some changes to how they’re treated. Whilst the annual fee for ‘notification’ with them isn’t much at £35 a year, unless you’re a large public authority or high turnover company, they could still benefit from making a further distinction between a company with a couple of hundred staff and the struggling freelance.
But the cost is more than that, ironically, if you value your privacy. This doesn’t apply to everyone, some freelancers are happy to publish their address or have an office space they can register under, but many simply work out of their homes and may not be keen on having their location on the internet. This wouldn’t apply to registered companies, who already have that sort of information on public record with Companies House, but seems a real block to getting sole traders on side.
The ICO, rightly, keeps a public register of data controllers on their website. You can check, before handing over your personal data, if a business is compliant (try your estate agents or similar, they’re often offenders) and complain if needed.
However this register, as well as your name and type of ‘data processing’, also lists your address with no opt-out ability. So if you’re a freelance working from home you immediately have to add the costs of a real or ‘virtual’ office or similar in order to be compliant and keep your privacy. With enterprise charities and the government continually talking about removing ‘barriers to growth’ for those who choose to work for themselves or start a business, the process of not committing an accidental crime could be much easier.
The Information Commissioner’s Office could do much worse than to change the fee structure as it applies to freelancers and very small businesses (currently it’s the same until you hit a £25.9M turnover), change the requirements for information published by sole traders to remove the burden of masking your home address and start a real targeted effort to inform. For many it’s not a case of wilful non-compliance but simply not knowing the law and having trouble realistically complying with it.
*Correction: I initially mentioned a PO box in the second to last paragraph for masking an address. In fact, unless marked sensitive, you can simply ask royal mail for the location behind one.