Legal issues
The Data Protection Act 1998
What the Act covers
• The misuse of personal data
• By organizations and businesses
The terms used in the Act
You will need to be able to define each of the following terms:
• Personal data – data about a living identifiable person, which is specific to that person
• Data subject – the living individual whom the personal information is about
• Data holder/controller – the person whose responsibility it is in an organization to control the way that personal data is processed
• Information Commissioner – the person responsible for enforcing the Act. They also promote good practice and make everyone aware of the implications of the Act.
Personal data 1
Personal data is:
• Data about an identifiable person
• who is living
• and is specific to that person
Personal data 2
Personal data can include:
• Date of birth
• Medical details
• Credit history
• Salary
• Qualifications
• Religious beliefs
Notification by the data holder
The Information Commissioner needs to know that an organization is processing personal information.
Notification involves the data holder telling the Information Commissioner what personal data is processed and why it is processed.
Subject access
Subjects are able to see information held.
The purpose is to let them check it is correct.
If information is wrong they can either:
• have the right to compensation if they have incurred loss or injury as a result
• have the right to have the information changed or deleted
Exemptions 1
• Where data is used for personal, family or household use
• Where the data is used for preparing text (e.g., references)
• Where the data is being used for the calculation of pay or pensions
• Where data is being used for mailing lists, provided only name and address details are stored
• Where the data is used by a sports or recreational club that is not a limited company.
Exemptions 2
• Data used for the prevention or detection of crime
• Data used for the apprehension or prosecution of offenders
• Data used for the assessment or collection of tax or duty
• Medical records or social worker reports.
The Data Protection Principles
• The Data Protection Act 1998 contains eight Data Protection Principles
• Anyone processing personal information has to process data according to these principles
• You will be asked to list three or more in your exam
Principle 1
Personal data shall be processed fairly and lawfully.
Principle 2
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Principle 3
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Principle 4
Personal data shall be accurate and, where necessary, kept up to date.
Principle 5
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Principle 6
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Principle 7
Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Principle 8
Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Consider the Cloud!
Rights of the subject
• A Right of Subject Access
A data subject has a right to be supplied by a data controller with the personal data held about him or her. The data controller can charge for this (usually around £10).
• A Right of Correction
A data subject may force a data controller to correct any mistakes in the data held about them.
• A Right to Prevent Distress
A data subject may prevent the use of information if it would be likely to cause them distress.
Rights of the subject
• A Right to Prevent Direct Marketing
A data subject may stop their data being used in attempts to sell them things (e.g. by junk mail or cold calling).
• A Right to Prevent Automatic Decisions
A data subject may specify that they do not want a data user to make "automated" decisions about them where, through points scoring, a computer decides on, for example, a loan application.
• A Right of Complaint to the Information Commissioner
A data subject can ask for the use of their personal data to be reviewed by the Information Commissioner who can enforce a ruling using the DPA. The Commissioner may inspect a controller's computers to help in the investigation.
Rights of the subject
• A Right to Compensation
The data subject is entitled to use the law to get compensation for damage caused ("damages") if personal data about them is inaccurate, lost, or disclosed.
Physical methods to prevent unauthorised access to computer systems
• Locks
• Clamps
• Alarms
• Surveillance
• Location
Data Protection Act Scenarios
• Find three news stories from the internet.
• Write a short paragraph about each, stating what the story was about, which principles of the Data Protection Act were violated and what the consequences were.