It is interesting that we are making lots of exemptions for the Government, parish councils, lawyers and so on. I spoke to some lawyers this morning, and they were not convinced by the measures either. However, small businesses seem to be disproportionately affected, and there is real confusion out there. As I say, a lot of work has been done to protect the Government, parish councils and lawyers, but what about the little people—the people who make this country grow? There is even confusion in the Information Commissioner’s Office, which gave the wrong advice in briefings here to MPs’ staff only the other week. What are we going to do to protect the small people? They think that they are doing the right thing, but they have probably been ill advised. They are spending a lot of money trying to get things right, but there is real confusion out there.
My right hon. Friend raises several important points. As for the effect on small businesses, he will be reassured to learn that the issues with the processing of highly personal data that I was discussing do not apply to the majority of SMEs. They will not have to appoint a data protection officer, so that is one comfort.
The Minister is being ever so generous in giving way not just to me, but to Members from across the House, and I thank her. Returning to the parliamentary stuff—we are only a small part of all this—some of the staff present at the briefing I mentioned left in tears, and I know that for a fact, because a member of my staff was there. Believe it or not, even though the ICO knew that the briefing was completely flawed, it has today issued certificates of attendance saying that it was the right thing for staff to have done.
More important, however, are the SMEs. Small businesses have approached me today to tell me that they have been told to delete all their data unless they get permission from the relevant people. Companies that did work for people three, four or five years ago—even last year—must get permission to hold their addresses so that they can fulfil, for example, warranty agreements. Other companies are getting completely different advice, and the lawyers are getting different advice. There seems to be a rush to protect Government agencies, local government, parish councils and lawyers, but not enough is being done to protect the small people of this country—the people who account for so much of our money.
I thank my right hon. Friend for his points. I want to reassure the small businesses that he mentions. I sympathise with businesses that are getting conflicting advice, and with those that are approached by firms of consultants who appear to be exaggerating the scale of the task of complying with the legislation. I am afraid that that always happens when there is change; people think that they can exaggerate the impact and the implications of a change and—who knows?—perhaps they will be remunerated for helping businesses to comply.
I also want to reassure my right hon. Friend about the specific case that he mentioned, in which companies were being advised that they needed to delete all the data for which they did not have consent. I want to reassure him that the vast majority of businesses will not have to delete the personal data that they hold. If they have gained the personal data lawfully, there are five, if not six, lawful bases on which they can process that personal data, of which consent is only one. I draw his attention particularly to legitimate interests, which is a lawful basis for processing data. For example, if a small firm has been supplying a much-needed service to people for a number of years, it is in the pursuit of its legitimate interests to communicate with its database of customers or new prospects, and it does not need to have consent. I would advise people not to delete their data without very careful consideration, or without consultation with the ICO website in particular.
Will the Minister give way?
I will give way to my right hon. Friend in a second. I want to respond to my right hon. Friend the Member for Hemel Hempstead (Sir Mike Penning) on the alleged discrimination involved in our taking steps to protect lawyers, parliamentarians, local councillors and so on but not to protect small businesses. The reason is that small businesses are less affected, in the sense that most of them do not process huge quantities of personal data. They therefore come under the purview of the ICO to a lesser extent, and enforcement is less likely to focus on organisations that do not process highly personal data. Those organisations do not need to appoint a data protection officer. I hope that I have gone some way towards allaying my right hon. Friend’s—
I will come back to my right hon. Friend in a moment, but I did say that I would give way to my right hon. Friend the Member for Broxtowe (Anna Soubry).
I thank my hon. Friend for that information, but it was mainly complete news to me, as I suspect it was to my right hon. Friend the Member for Hemel Hempstead too. We have a really serious problem here. I just cannot underestimate the amount of concern among small businesses. Medium-sized businesses with more than 250 employees have the benefit of a team of people, but this is a real crisis for small businesses and I am afraid that the lack of information is truly troubling. There are solutions, and perhaps we should discuss them in a different debate, but as a Government we have an absolute duty to get this right. There are devices available—HMRC sends out tax returns, for example—and there are many opportunities to get this information out there. At the moment, however, there is a lot of disinformation, and as my right hon. Friend the Member for Hemel Hempstead says, these businesses are the lifeblood of our economy. They do not know what is happening, and they are worried.
I sympathise with the points that my right hon. Friend has raised. In fact, we have secured almost £500,000 to launch an information campaign to bolster what the Information Commissioner’s Office is already doing for small businesses. I also draw her attention to the need for this legislation, and to the need for businesses and all of us in public life to respect people’s data rights. The landscape has changed. We now live in a digital world, and there is so much abuse of people’s privacy and data that I must bring her attention back to the need for the Bill. Of course she is right, however, to say that people need to be properly informed, and that is what the ICO is doing and what the Government campaign that we are about to launch will also do.
What the Minister said at the Dispatch Box a moment ago was also news to me. I have been campaigning and pushing on this for months—I spoke to the Secretary of State over the bank holiday weekend—and I was going to vote against the Bill this evening. Yes, we need data protection, but we do not want to destroy or frighten our businesses in the process. However, I take my hon. Friend at her word, and I will vote for the legislation this evening.
I quite agree. In fact, both the Secretary of State and I were small business owners before entering this place, so I feel what my right hon. Friend says very deeply. I must commend my hon. Friend the Member for Mid Worcestershire (Nigel Huddleston) on the excellent advice that his office has put together on what it will be doing in this respect. For the benefit of my staff, I have set out exactly what my office will be doing to comply with the legislation. If my right hon. Friend has any concerns about his own situation—
I am not worried about us; I am worried about small businesses.
In that case, I will proceed no further down that path. I am glad that I have been able to reassure my right hon. Friend and thank him for raising those important points.