Data Protection Act 1998 • 4 key points you need to learn/understand/revise
Reasons for the DPA 1 • Personal privacy is a basic human right • Computer systems contain large amounts of personal data that may be sensitive • Personal privacy and rights for individuals demand good information handling practice • The DPA is an attempt to address this issue
Reasons for the DPA 2 • The DPA was first passed in 1984 and revised in 1998 (to bring it into line with other European Union countries) • Set of regulations for storing personal data • 1998 Act was extended to cover paper-based data (previously only covered automatically processed data)
People • The DPA refers to two types of people • Data Controllers (formerly called data holders) • Data Subjects • The DPA is enforced by the Information Commissioner
The Information Commissioner • The Commissioner has responsibility for ensuring the DPA is enforced • Keeps a public register of data controllers • Promotes good information handling practice • Advises on data protection issues and acts as an ombudsman
Data Controllers/Subjects • Data Controllers - Those who control the contents and use of a collection of personal data. • Data controllers must register with the Information Commissioner. They must register a description of the data being processed, the purpose information will be used for, from whom it will be obtained and to whom it will be disclosed • Data Subjects - The individuals to whom the data relates • We are all data subjects!
Eight DPA Principles • Once registered, users/controllers must comply with 8 data protection principles • Personal Data must be: • Fairly & Lawfully processed • Processed for limited purposes • Adequate, relevant and not excessive • Accurate • Not kept longer than necessary • Processed in accordance with rights • Secure • Not transferred to other EU countries without protection
Data Subjects’ Rights • Under the sixth principle data subjects have the right to see data held about them • Data controllers must supply this information in 40 days • They may charge a small fee for administration • Data subjects have the right to • Have any errors corrected • Compensation for any distress if the Act has been broken • Prevent processing for direct marketing or automated decision making
Data Subjects’ Rights 2 • Organisations do not normally need your consent to process your personal data as part of their normal work e.g. using loyalty card data to send you direct marketing • You agree to this when you apply for the card • However, they cannot pass on your data without your consent • In practice you often grant this by failing to tick a box on application forms!
Exemptions • There are a number of exemptions from the principles of the Data Protection Act. An exemption exists: • If the information is held to safeguard national security • If the information is used to prevent crime • If the information is used to collect taxes • If the information is used in journalism for historical purposes • Personal data about family/household affairs doesn’t need to be registered