Learn about the purpose, principles, and exemptions of the Data Protection Act. Explore data user responsibilities and subjects' rights, with a case study on compliance breaches.
This lesson will cover:
• The purpose of the Data Protection Act.
• What is meant by the terms data user, data subject and data controller.
• The eight guiding principles that data users must follow, and the rights of data subjects.
• Exemptions to the Data Protection Act.
The need for data protection
Most people would be shocked if this sort of information was displayed in a public place. Why? What is wrong with this picture?
The eight guiding principles
There are eight data protection principles. According to the Act, data must be:
1. Processed fairly and lawfully.
2. Processed for a specific purpose.
3. Adequate, relevant and not excessive.
4. Accurate.
5. Kept for no longer than is necessary.
6. Processed in line with the rights of individuals.
7. Kept secure.
8. Not transferred to countries outside the European Economic Area unless there is adequate protection.
Responsibilities of data users
Data users must register with the Data Protection Commission. The Information Commissioner’s Office is responsible for regulating the Data Protection Act.
Data users must specify:
• what data they want to store
• what they want to use it for
• how long they will keep it
• who they might pass it on to.
They must also agree to follow the eight Data Protection Principles.
Exemptions to the act
There are a few cases when the Data Protection Act does not apply. These are called exemptions to the act. Some examples include:
• national security – you cannot demand to see your data if national security is at stake
• police investigations – information being used to prevent crime is not covered (though police records are)
• examination results – these are exempt until they are published by the examining bodies.
Case study
In March 2007, the media reported that a number of high street banks had failed to comply with the Data Protection Act. An investigation was carried out after complaints that banks had been dumping customers’ personal details in bins outside their premises. Details of a bank transfer for £500,000 were allegedly found outside a Nottingham branch of one bank.
The Information Commissioner’s Office found that 13 firms had breached the Data Protection Act. Following the investigation, the firms agreed to comply with the act in the future.
How would you react if this happened to your bank details?