the data protection act 1998

FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License

The Data Protection Act 1998


Data Protection Act 1998

4. Exemptions

3. Principles

2. People

1. Reasons

DPA

4 key points you need to learn/understand/revise


Reasons for the DPA 1

• Computer systems contain large amounts of personal data that may be sensitive

• Personal privacy and rights for individuals demand good information handling practice

• The DPA is an attempt to address this issue

Personal Privacy is a basic human right


Reasons for the DPA 2 The DPA was first passed in 1984 and revised in 1998 (to

bring it into line with other European Union countries)

• Set of regulations for storing personal data

• 1998 Act was extended to cover paper-based data (previously only covered automatically processed data)


People

• The DPA refers to two types of people

• Data Controllers(formerly called data holders)

• Data Subjects

• The DPA is enforced by the Information Commissioner


The Information Commissioner

The Commissioner has responsibility for ensuring the DPA is enforced

• Keeps a public register of data controllers

• Promotes good information handling practice

• Advises on data protection issues and acts as an ombudsman


Data Controllers/Subjects Data Controllers - Those who control the contents and use

of a collection of personal data.

• Data controllers must register with the Information Commissioner. They must register a description of the data being processed, the purpose information will be used for, from whom it will be obtained and to whom it will be disclosed

Data Subjects - The individuals to whom the data relates

• We are all data subjects!


Eight DPA Principles Once registered users/controllers must comply with 8 data

protection principles

Personal Data must be:• Fairly & Lawfully processed

• Processed for limited purposes

• Adequate, relevant and not excessive

• Accurate

• Not kept longer than necessary

• Processed in accordance with rights

• Secure

• Not transferred to other countries without protection

Use your textbook to find out what these actually

mean!

Pages 108-110Mott and Leeming

2nd Edition


Data Subjects’ Rights Under the sixth principle data subjects have the right to

see data held about them

• Data controllers must supply this information in 40 days

• They may charge a small fee for administration

Data subjects have the right to• Have any errors corrected

• Compensation for any distress if the Act has been broken

• Prevent processing for direct marketing or automated decision making


Data Subjects’ Rights 2 Organisations do not normally need your consent to process

your personal data as part of their normal work e.g. using loyalty card data to send you direct marketing

• You agree to this when you apply for the card

• However, they cannot pass on your data without your consent

• In practice you often grant this by failing to tick a box on application forms!


Exemptions There are a number of examptions from the priciples of

the Data Protection Act. Exemption exists:

• If the information is held to safeguard national security

• If the information is used to prevent crime

• If the information is used to collect taxes

• If the information is used in journalism for historical purposes

Personal data about family/household affairs doesn’t need to be registered


Summary/Revision

Use the your textbook or the Internet to make your OWN notes on the Data Protection Act

the data protection act 1998

Documents