Computer law specialists reckon 2002 will be the year the government starts enforcing the various laws relating to computer use.

Top of the cops' big sticks to use is the Data Protection Act 1998, specifically the way it affects databases that contain personal information in the form of companies' customer lists.

"Now the Data Protection Act has had time to settle in, the authorities will be looking much more closely at compliance," said Mark Crichard, a partner of IT law consultants Andersen Legal.

Clauses in the Act concerning data privacy refer to the security of personal information, the way it is gathered and stored and the use to which it is put. It lays down strict rules governing to whom personal data can be passed.

Crichard believes the Information Commission, previously the Data Protection Registrar's Office, which is responsible for upholding the Act, will target specific business sectors, such as financial services.

As evidence of compliance with the Act the Commission will be looking to ensure companies have set up their databases to ensure that accidental breaches of privacy, caused by lax security or sloppy practice, don't occur, said Crichard.

Small businesses, which may not be able to afford secure systems, will be especially vulnerable. They will have to consider the legal aspects of their customer databases as much as the technical.

The Information Commission doesn't have the same fearsome powers as, say, Customs & Excise inspectors, who have powers of entry and search beyond that of the police. Rather, the Commission will investigate complaints brought by the public about abuses of data privacy, said Crichard.