the data protection act 1998
DESCRIPTION
The Data Protection Act 1998. Data Protection Act 1998. 4 key points you need to learn/understand/revise. Reasons for the DPA 1. Personal Privacy is a basic human right. Computer systems contain large amounts of personal data that may be sensitive - PowerPoint PPT PresentationTRANSCRIPT
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
The Data Protection Act 1998
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Data Protection Act 1998
4. Exemptions
3. Principles
2. People
1. Reasons
DPA
4 key points you need to learn/understand/revise
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Reasons for the DPA 1
• Computer systems contain large amounts of personal data that may be sensitive
• Personal privacy and rights for individuals demand good information handling practice
• The DPA is an attempt to address this issue
Personal Privacy is a basic human right
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Reasons for the DPA 2 The DPA was first passed in 1984 and revised in 1998 (to
bring it into line with other European Union countries)
• Set of regulations for storing personal data
• 1998 Act was extended to cover paper-based data (previously only covered automatically processed data)
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
People
• The DPA refers to two types of people
• Data Controllers(formerly called data holders)
• Data Subjects
• The DPA is enforced by the Information Commissioner
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
The Information Commissioner
The Commissioner has responsibility for ensuring the DPA is enforced
• Keeps a public register of data controllers
• Promotes good information handling practice
• Advises on data protection issues and acts as an ombudsman
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Data Controllers/Subjects Data Controllers - Those who control the contents and use
of a collection of personal data.
• Data controllers must register with the Information Commissioner. They must register a description of the data being processed, the purpose information will be used for, from whom it will be obtained and to whom it will be disclosed
Data Subjects - The individuals to whom the data relates
• We are all data subjects!
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Eight DPA Principles Once registered users/controllers must comply with 8 data
protection principles
Personal Data must be:• Fairly & Lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate
• Not kept longer than necessary
• Processed in accordance with rights
• Secure
• Not transferred to other countries without protection
Use your textbook to find out what these actually
mean!
Pages 108-110Mott and Leeming
2nd Edition
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Data Subjects’ Rights Under the sixth principle data subjects have the right to
see data held about them
• Data controllers must supply this information in 40 days
• They may charge a small fee for administration
Data subjects have the right to• Have any errors corrected
• Compensation for any distress if the Act has been broken
• Prevent processing for direct marketing or automated decision making
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Data Subjects’ Rights 2 Organisations do not normally need your consent to process
your personal data as part of their normal work e.g. using loyalty card data to send you direct marketing
• You agree to this when you apply for the card
• However, they cannot pass on your data without your consent
• In practice you often grant this by failing to tick a box on application forms!
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Exemptions There are a number of examptions from the priciples of
the Data Protection Act. Exemption exists:
• If the information is held to safeguard national security
• If the information is used to prevent crime
• If the information is used to collect taxes
• If the information is used in journalism for historical purposes
Personal data about family/household affairs doesn’t need to be registered
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Summary/Revision
Use the your textbook or the Internet to make your OWN notes on the Data Protection Act