Thousands of businesses are in danger of falling foul of the new Data Protection Act, which regulates details held about employees, clients and suppliers.

According to the South Eastern Society of Chartered Accountants (SESCA), the revised act is so complicated most firms are finding it difficult to ensure their data is held lawfully and fairly.

Society president George Holdstock said there were now tighter controls over records and organisations were required to be more open about the intended use of information.

It was essential for firms to examine their records and decide if the information was relevant and up to date.

He said: "Some requirements, such as how long details of former employees should be kept, aren't at all clear.

"The decision will depend on the size of the business, the number of employees and the type of data held."

In some cases, such as bank details for paying wages, the consent of individuals can be assumed.

But for retention of other sensitive data, explicit consent must be obtained.

Mr Holdstock said: "This could involve medical histories, political affiliations and details of ethnic origin.

"The new law also covers some types of paper files as well as computer records and practice will vary widely from company to company."

The Data Protection Commission has launched a campaign called Information Padlock aimed at firms requesting personal details.

Firms displaying the padlock symbol agree to explain why information is being requested and how it will be used.

Companies in breach of the Data Protection Act could have to pay compensation for any financial loss or personal distress.