Data Protection Act (1998)

Made by: Salvador PalmaEduardo Diaz-Bazan

• What is the Data Protection Act and why was it created?

• What are the eight principles of the Data Protection Act?

• Data Protection Act: What rights do we have?

• What is an Information Commissioner, Data Controller and Data Subject?

• Are there any exemptions to the Data Protection Act?

After this presentation you should be able to know…

The Data Protection Act was developed to give protection and lay down the rules about how personal data can be used.

It was created to protect individuals from misuse of this data. It governs the collection and processing of data by organisations and the individual rights to access the data if they wish.

What is it and why was it created?

1. Data must be kept secure.

2. Data stored must be relevant.

3. Data stored must be kept no longer than necessary.

4. Data stored must be kept accurate and up-to-date.

5. Data must be obtained and processed lawfully.

6. Data must be processed within the data subject rights.

7. Data must be obtained and specified for lawful purposes.

8. Data must not be transferred to countries without adequate data protection laws.

What are the eight principles of it?

• To be supplied with the data held about us.

• To change incorrect data.

• To prevent data being used about us if it will cause distress.

• To stop data being used in attempts to sell us something if the data was not collected for that purpose.

• To use the law to gain compensation.

What rights do we have as data subjects?

Information Commissioner: Person who has the power to enforce the Act.

Data Controller: Person or Company that collects and keeps data about people.

Data Subject: Person who has data about them stored outside their direct control.

What is an Information Commissioner, Data Controller and Data Subject?

• Police can access personal information in order to solve crimes.

• The taxman can access personal information to ensure people pay their taxes.

• Any data held for domestic purposes at home e.g. birthday lists, address books.

Are there any exemptions to the Data Protection Act?

Early invasions of privacy was defined as the trespass, assault, or eavesdropping, but now, all the new technologies like computers and cell phones have to be taken into account.

Before many of nowadays technology, people could be almost certain that they could hold a conversation privately in a person's home or office and that they could not be heard by other people. Before the invention of computer databases, people could have information safe and secure in a filing cabinet which is hard to access, but now with the use of technologies like computers, people can hack computers and access to a lot of private information.

Privacy in the US

Modern privacy laws state that the following are considered as the most important invasions of privacy:

unreasonable intrusion upon the seclusion of another, for example, physical invasion of a person's home (e.g., unwanted entry, looking into windows with binoculars or camera, tapping telephone), searching wallet or purse, repeated and persistent telephone calls, obtaining financial data (e.g., bank balance) without person's consent, etc.

appropriation of a person's name or likeness; successful assertions of this right commonly involve defendant's use of a person's name or likeness on a product label or in advertising a product or service. A similar concept is the "right of publicity" in Restatement (Third) Unfair Competition §§46-47 (1995). The distinction is that privacy protects against "injury to personal feelings", while the right of publicity protects against unauthorized commercial exploitation of a person's name or face. As a practical matter, celebrities generally sue under the right of publicity, while ordinary citizens sue under privacy.

publication of private facts, for example, income tax data, sexual relations, personal letters, family quarrels, medical treatment, photographs of person in his/her home.

publication that places a person in a false light, which is similar to defamation. A successful defamation action requires that the information be false. In a privacy action the information is generally true, but the information created a false impression about the plaintiff.

Further more, it must be said that the most common and most latent privacy concern is the second one, also known as identity theft.

Modern privacy laws

surreptitious interception of conversations in a house or hotel room is eavesdropping. See e.g., N.Y. Penal §§ 250.00, 250.05

one has a right of privacy for contents of envelopes sent via first-class U.S. Mail. 18 USC § 1702; 39 USC § 3623

one has a right of privacy for contents of telephone conversations, telegraph messages, or electronic data by wire. 18 USC § 2510 et seq.

one has a right of privacy for contents of radio messages. 47 USC §605 A federal statute denies federal funds to educational institutions that do not

maintain confidentiality of student records, which enforces privacy rights of students in a backhanded way. 20 USC § 1232g. Commonly called the Buckley-Pell Amendment to the Family Educational Rights and Privacy Act. See also Krebs v. Rutgers, 797 F.Supp. 1246 (D.N.J. 1991); Tombrello v. USX Corp., 763 F.Supp. 541 (N.D.Ala.1991).

Records of sales or rentals of video tapes are confidential. 18 USC §2710 Content of e-mail in public systems are confidential. 18 USC § 2702(a).

Bank records are confidential. 12 USC §3401 et seq. library records are confidential in some states.     e.g., N.Y. CPLR § 4509;

Quad/Graphics, Inc. v. Southern Adirondack Library Sys., 664 N.Y.S.2d 225 (N.Y.Sup.Ct. 30 Sep 1997)

Federal statutes:

Islam gives great importance to the fundamental human right to privacy.

This is evident from the Quran, as some of the verses state:'Do not spy on one another' (49:12); 'Do not enter any houses except your own homes unless you are sure of their occupants' consent' (24:27).

various laws have been declared to be in violation of the injunctions of Islam by the Federal Shariah Court. The Constitution of Pakistan, as well as the Pakistani law on Freedom of Information, recognizes the right to privacy. Despite this, the main objective of the draft Pakistani Data Protection Law is not to enshrine the principles of Islam, but to satisfy the requirements of European Union Directive 95/46, in particular Article 25 thereof, with the hope of ensuring that data will be allowed to flow freely between the European Union and Pakistan, thus making Pakistan an attractive market for outsourcing.

Privacy in Islam countries

In pakistan , the new law has been applied, it consists on the protection of private facts.

The EDPSA that the subjet being investigated or of whow data is being collected should be provided with a notice. This notice will have to be given to the Certification Council.

Electronic Data Protection and Safety Act

(a) name or trade name, and address of the data controller and data processor

(b) manner of collection of local data (c) purposes and means of the processing; (c) description of the data, the location where they are kept and the

categories of data subjects to whom they relate; (d) limits of data clisclosure aud disseniination (e) intended transfers of data to any country or teritory outside

Pakistan; (f) general description that allows an assessment of the technical and

organizational measures taken to ensyre data security; (g) specification of any data filing system which fue processing is

related to, and the connections, if any. with other data processing or data filing systems. whether within

Pakistan or not; (h) copy of the contract between data controller aiid data processor; (i) the capacity and authority of the individual submitting the notice.

The notice: