Background

“The ‘right to privacy’ is a right we all expect. We do not expect personal details such as our age, medical records, personal family details, political and religious beliefs to be freely available to everybody. With the growth of Information and Communication Technology, large databases are able to hold huge quantities of information and global networks are able to share and distribute this information around the world in seconds. In order to control this development and to protect people’s right to privacy, the Data Protection Act was introduced. The first Act became law in 1984 but was replaced by the 1998 Act that also incorporates the European Commission Directive. If any person, organisation, company or business wishes to hold personal information about people, they must register with the Office of the Data Protection Commissioner.”
Gareth Williams, “student handbook.ict”
Who does it apply to?

• A Data Subject is anyone who has information about them stored on a computer.
• A Data User is anyone who uses or stores data, e.g. banks, building societies and most commercial businesses.
• The Act allows us to:
  • find out what information is held on us;
  • change or challenge the information;
  • claim compensation for any damage.
• The original Act only covered information that was processed electronically, i.e. using a computer. Paper files were not covered. However, the 1998 Act included manual records (paper files) as well.
Rights of Subject Access

• A Data Subject can ask an organisation if they hold information about them and what form this information takes. This request must be made in writing.
• Data Users can charge up to £10 for this information and are obliged to respond within 40 days, even if the reply is negative. If they do hold information about you, they must supply the Data Subject with a full copy of what they hold.
• Data Subjects can apply to the Data Registrar to have any incorrect or inaccurate data changed. They may also claim compensation if they have suffered any material damage.
• Data Users are required by law to disclose what type of information they have about Data Subjects and what purpose they use it for.
• Data Users must apply to be put on the Data Protection register. There are exemptions, however (these are very limited in their application):
  • Information related to national security;
  • Information associated with crime and taxation;
  • Information involved in health, education and social work;
  • Information used in regulatory activities used by public ‘watchdogs’;
  • Information processed for special purposes (journalistic, literary, artistic);
  • Information used in research, history and statistics;
  • Information required by law and in connection with legal proceedings;
  • Information held for domestic purposes, e.g. household, personal and family affairs.
• Failure to register is a criminal offence. A Data User can be prosecuted if they act outside the limits of the entry in the register.
The 8 Principles (Golden Rules) of the Data Protection Act

The First Principle
‘The information to be contained in personal data shall be obtained and personal data shall be processed, fairly and lawfully.’
In other words, Data Subjects should be made aware of what the information about them will be used for and whether it will be disclosed to anyone.
The Second Principle
‘Personal data shall be held only for one or more specified and lawful purposes.’
Data Users can only hold the information listed in the register.

The Third Principle
‘Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes.’
Data Users can only hold the minimum amount of information needed to satisfy their stated purpose.

The Fourth Principle
‘Personal data shall be accurate and, where necessary, kept up to date.’

The Fifth Principle
‘Personal data held for any purpose or purposes shall not be kept longer than is necessary for that purpose or those purposes.’

The Sixth Principle
‘An individual shall be entitled – at reasonable intervals and without undue delay or expense – to be informed by any data user whether he holds personal data of which that individual is the subject; and to access to any such data held by a data user; and where appropriate, to have such data corrected or erased.’

The Seventh Principle
‘Appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction of personal data.’

The Eighth Principle
‘Personal data held for any purpose or purposes shall not be transferred to countries outside the European Economic Area.’