The Data Protection Act

1
The Data Protection Act
2
Background

• The right to privacy s a right we all expect.
  We do not expect personal details such as our
  age, medical records,personal family details,
  political and religious beliefs to be freely
  available to everybody. With the growth of
  Information and Communication Technology, large
  databases are able to hold huge quantities of
  information and global networks are able to share
  and distribute this information around the world
  in seconds. In order to control this development
  and to protect peoples right to privacy, the
  Data Protection Act was introduced. The first Act
  became law in 1984 but was replaced by the 19998
  Act that also incorporates the European
  Commission Directive.
• If any person, organisation, company or business
  wishes to hold personal information about people,
  they must register with the Office of the Data
  Protection Commissioner.
• Gareth Williams student handbook.ict

3
Who does it apply to?

• A Data Subject is anyone who has information
  about them stored on a computer.
• A Data User is anyone who uses or stores data
  i.e. banks, building societies and most
  commercial businesses.
• The act allows us to find out
• What information is held on us
• Change or challenge the information
• Claim compensation for any damage.
• The original Act only covered information that
  was processed electronically i.e. using a
  computer. Paper files were not covered. However
  the 1998 Act included manual records (Paper files
  ) as well.

4
Rights of Subject Access

• A Data Subject can ask an organisation if they
  hold information about them and what form this
  information takes. This request must be made in
  writing.
• Data Users can charge up to 10 for this
  information and are obliged to respond within 40
  days, even if the reply is negative. If they do
  hold information about you they must supply the
  Subject a full copy of what they hold.
• The Data Subjects can apply to the Data Registrar
  to have any incorrect or inaccurate data changed.
  They may also claim for compensation if they
  have suffered any material damage.
• Data Users are required by law to disclose what
  type of information they have about data subjects
  and what purpose they use it for.

5
Rights of Subject Access

• Data Users are required by law to disclose what
  type of information they have about data subjects
  and what purpose they use it for.
• Data Users must apply to be put on the Data
  Protection register. There are exemptions
  however (these are very limited in their
  application)
• Information related to national security
• Information associated with crime and taxation
• Information involved in health, education and
  social work
• Information used in regulatory activities used by
  public watchdogs
• Information processed for special purposes
  (journalistic, literary, artistic)
• Information used in research, history and
  statistics
• Information required by law and in connection
  with legal proceedings
• Information held for domestic purposes, eg
  household, personal and family affairs.
• Failure to register is a criminal offence. A
  Data User can be prosecuted if they act outside
  the limits of the entry in the register.

6
The 8 Principles (Golden Rules) of the Data
Protection Act

• The First Principle
• The information to be contained in personal data
  shall be obtained and personal data shall be
  processed, fairly and lawfully.
• In other words Data Subjects should be made aware
  of what the information about them will be used
  for and whether it will be disclosed to anyone.

7
The 8 Principles (Golden Rules) of the Data
Protection Act

• The Second Principle
• Personal data shall be held only for one or
  more specified and lawful purposes.
• Data Users can only hold the information listed
  in the register.

8
The 8 Principles (Golden Rules) of the Data
Protection Act

• The Third Principle
• Personal data held for any purpose or purposes
  shall be adequate, relevant and not excessive in
  relation to that purpose or those purposes.
• Data Users can only hold the minimum amount of
  information needed to satisfy their stated
  purpose.

9
The 8 Principles (Golden Rules) of the Data
Protection Act

• The Fourth Principle
• Personal data shall be accurate and, where
  necessary, kept up to date.

10
The 8 Principles (Golden Rules) of the Data
Protection Act

• The Fifth Principle
• Personal data held for any purpose or purposes
  shall not be kept longer than is necessary for
  that purpose or those purposes.

11
The 8 Principles (Golden Rules) of the Data
Protection Act

• The Sixth Principle
• An individual shall be entitled at reasonable
  intervals and without undue delay or expense
• to be informed by any data users whether he holds
  personal data of which that individual is the
  subject
• andto access to any such data held by a data
  users
• and where appropriate, to have such data
  corrected or erased.

12
The 8 Principles (Golden Rules) of the Data
Protection Act

• The Seventh Principle
• Appropriate security measures shall be taken
  against unauthorised access to, or alteration,
  disclosure or destruction of, personal data and
  against accidental loss or destruction of
  personal data.

13
The 8 Principles (Golden Rules) of the Data
Protection Act

• The Eighth Principle
• Personal data held for any purpose or purposes
  shall not be transferred to countries outside the
  European Economic area