Aug 02 2009
The Data Protection Act
This is an important piece of legislation that you must know about for the examination. Questions on it frequently occur.
Everyone has a right to privacy. We would feel decidedly uncomfortable if all our personal details were circulated freely, even worse if critical details such as credit rating or criminal records were false. The growth in computerised data recording led to demands for protection as early as the early 1970’s. The Council of Europe passed legislation on the matter in the late 1970’s and in 1984 the Data Protection Act became law.
This legislation contains:
- Eight principles on the lawful collection, storage, and use of data.
- The provision for a Data Protection Registrar whose duties include the administration of a public register of data users, investigations of complaints, and publication of guidelines to data users.
- Provision for exemptions for the act.
- Rights of data subjects.
The law on data protection was updated in 1998.
The Eight Principles state that personal data must be:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant, and not excessive;
- accurate;
- not kept longer than necessary;
- processed in accordance with the data subject’s rights
- secure;
- not transferred to countries without adequate protection.
The important definitions to know are:
Personal data: information about living identifiable individuals.
Automatically Processed: Processed by computer and other technology.
Data Users: Those who control the contents of a database.
Data Subject: Individuals to whom data relates.
Data Registrar (or Commissioner): Official charged with the supervision of the Act
Have a look at www.dataprotection.gov.uk for more details.
All data users unless exempt must register with the Data Registrar and must give a description of:
- those on whom the data is held;
- the purpose of the data;
- the items of data;
- the sources of the data and how it was obtained;
- the organisations with which data is shared;
- which countries the data may be transferred to.
The Exemptions from the act are:
- Payroll, pensions and account data,
- Names and addresses used for distribution purposes;
- personal, family, household, or recreational.
- Subjects don’t have right of access to data held for statistical or research or back up.
- Data can be disclosed to subject’s agent, or in response to urgent need to prevent injury or damage to health.
- Special categories including tax, national security, and crime prevention.
Data subjects have rights:
- compensation for unauthorised disclosure of data;
- compensation for inaccurate data;
- access to data and application to correct or erase inaccurate data;
- compensation for unauthorised access, loss, or destruction of data.