The Data Protection Act 1998 - PowerPoint PPT Presentation

Provided by: debrahh

Transcript and Presenter's Notes

1
The Data Protection Act 1998
  • Barry Ryan
  • MRS Standards Policy Manager
  • 25 February 2009
  • ASC

2
Introduction to the DPA
  • Came into force in October 2001
  • Covers all data collection and processing methods,
    including audio, video, computers, CATI, CCTV,
    etc.
  • Awareness required for all processing of personal
    data

3
Key Definitions
  • Personal Data: any information relating to an
    identifiable, living person
  • Data Subject: a living individual about whom data
    is held
  • Processing: obtaining, recording, holding,
    transferring, altering, retrieval, etc.

4
Key Definitions
  • Data Controller: a legal or living person that
    determines the purposes for which, and the manner
    in which, personal data will be processed
  • Data Processor: any person who processes the data
    on behalf of the data controller (other than an
    employee of the data controller)
  • Notification: requirement for data controllers to
    register with the Information Commissioner the
    classes of personal data held

5
The Data Principles
  • Must be processed fairly and lawfully

6
The Data Principles
  • Can only be used for the specified and lawful
    purposes for which it was collected
  • ...and not further processed in any manner
    incompatible with those purposes

7
Incompatible?
  • Use of client databases for research?
  • Research not specified as a purpose
  • Transfer to research agency not specified

8
Databases
  • In general, where data has been collected to
    provide a product or service to the data subject,
    it would fall within the reasonable expectations
    of the average consumer that they may be asked
    their opinion of that product or service
  • Inviting them to participate in such a research
    project would be compatible with the purposes for
    which the data was collected

9
Using an agency
  • Are they really a third party?
  • A third party is not:
      • the data controller
      • the data processor
      • or their employees

10
Using an agency
  • Client remains controller of the database
  • Agency is processor of the original data
  • Agency may be controller of further data supplied
    by data subject

11
The Data Principles
  • Shall be adequate, relevant and not excessive

12
Sensitive Personal Data
  • Sensitive personal data means personal data
    consisting of information as to:
      • the racial or ethnic origin of the data subject,
      • his political opinions,
      • his religious beliefs or other beliefs of a
        similar nature,
      • whether he is a member of a trade union,
      • his physical or mental health or condition,
      • his sexual life,
      • the commission or alleged commission by him of
        any offence, or
      • any proceedings for any offence committed or
        alleged to have been committed by him, the
        disposal of such proceedings or the sentence of
        any court in such proceedings.

13
The Data Principles
  • Shall be accurate and up to date

14
Correcting errors
  • Allows incorrect data to be flagged and passed
    back to client for follow-up and data cleansing

15
The Data Principles
  • Must not be kept beyond fulfilling the purpose
    for which it was collected

16
Data Retention
  • No longer than is necessary
  • In practice this is set out in privacy policies
  • Fixed period set in ISO 20252
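The handoff described on slides 8 to 16 (client database used to invite customers to research, only the fields the invitation needs, sensitive categories withheld, nothing kept longer than necessary) as an added worked example; this is not code from the presentation or from MRS. The column names, the 365-day retention period, the sample rows and the use of the presentation date as "today" are all assumptions.

```python
from datetime import date, timedelta

# The eight categories of sensitive personal data from slide 12, keyed by
# the column names a client database might use (assumed names).
SENSITIVE_FIELDS = {
    "ethnic_origin", "political_opinions", "religious_beliefs", "trade_union",
    "health_condition", "sexual_life", "offences", "proceedings",
}

# The only fields an agency needs to invite a customer to give their
# opinion of the product or service they received (assumption).
INVITATION_FIELDS = ("customer_id", "name", "email", "product")

# Date of the presentation, used as "today" in the worked run.
PRESENTATION_DATE = date(2009, 2, 25)

# Constructed sample rows standing in for a client database; not real data.
SAMPLE_DB = [
    {"customer_id": 1, "name": "A. Example", "email": "a@example.invalid",
     "product": "broadband", "collected_on": date(2008, 11, 3),
     "health_condition": "none declared"},
    {"customer_id": 2, "name": "B. Example", "email": "b@example.invalid",
     "product": "mobile", "collected_on": date(2007, 1, 15)},
]

def build_agency_extract(records, today, retention_days):
    """Return (extract, findings) for a client-to-agency research handoff.

    Only INVITATION_FIELDS are copied (adequate, relevant, not excessive);
    rows older than the retention period are dropped (no longer than
    necessary); sensitive-category fields are never copied and are reported
    so the controller can remove them from the source or justify them.
    """
    cutoff = today - timedelta(days=retention_days)
    extract, findings = [], []
    for row in records:
        if row["collected_on"] < cutoff:
            findings.append((row["customer_id"], "retention period expired"))
            continue
        extract.append({k: row[k] for k in INVITATION_FIELDS if k in row})
        withheld = sorted(SENSITIVE_FIELDS & set(row))
        if withheld:
            findings.append((row["customer_id"],
                             "sensitive fields withheld: " + ", ".join(withheld)))
    return extract, findings

def run_example(retention_days=365):
    """Worked run over the sample rows; the 365-day period is an assumption."""
    return build_agency_extract(SAMPLE_DB, PRESENTATION_DATE, retention_days)
```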

17
The Data Principles
  • Shall be processed in accordance with the rights
    of the data subject

18
Rights?
  • Human rights
  • Right to anonymity/confidentiality in research
    codes

19
The Data Principles
  • Appropriate technical and organisational measures
    shall be taken against unauthorised or unlawful
    processing of personal data and against
    accidental loss or destruction of, or damage to,
    personal data.

20
Measuring risk
  • Measured by sensitivity of the data
  • Higher the sensitivity, higher the security

21
Risks
  • Assess risk and respond appropriately
  • What data do you hold?
  • Who is in charge?
  • Security measures?
      • Organisational
      • Staff
      • Physical security
      • Computer security

22
Mobile devices and media - ICO
  • There have been a number of reports recently of
    laptop computers containing personal information
    which have been stolen from vehicles or dwellings,
    or left in inappropriate places, without being
    protected adequately. The Information
    Commissioner has formed the view that in future,
    where such losses occur and where encryption
    software has not been used to protect the data,
    enforcement action will be pursued.

23
Mobile devices and media - ICO
  • The ICO recommends that portable and mobile
    devices, including magnetic media, used to store
    and transmit personal information, the loss of
    which could cause damage or distress to
    individuals, should be protected using approved
    encryption software which is designed to guard
    against the compromise of information.

24
The Data Principles
  • Shall not be transferred outside the EEA unless
    adequate precautions are in place

25
Further information
  • www.mrs.org.uk
  • codeline@mrs.org.uk
  • 020 7490 4911