Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot
What is Regulation of Personal Information? Government and companies started using computers to store information such as names, addresses and telephone numbers. This made it easier to access and so easier for the wrong people to get hold of personal data. Parliament passed laws to protect this information, including the Data Protection Act and the Freedom of Information Act.
Who is Affected? The laws cover anyone who has personal information stored about them. They are referred to as Data Subjects. Any person or company that compiles information about people is a Data Controller. The person in charge of enforcing the laws is the Information Commissioner.
Data Protection Act The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. It was introduced to bring UK law into line with the European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions.
Personal data Data may only be used for the specific purposes for which it was collected. Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason. Individuals have a right of access to the information held about them. Personal information may be kept for no longer than is necessary and must be kept up to date.
Data protection principles The Data Protection Act creates rights for those who have their data stored, and responsibilities for those who store, process or collect personal data. The person who has their data processed has the right to: View the data an organization holds on them, for a small fee, known as a 'subject access fee'. Request that incorrect information be corrected. If the company ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded. Require that data is not used in any way that may potentially cause damage or distress. Require that their data is not used for direct marketing.
Exceptions The Act is structured such that all processing of personal data is covered by the Act, while providing a number of exceptions. Notable exceptions are: National security. Any processing for the purpose of safeguarding national security is exempt from all the data protection. Crime and taxation. Data processed for the prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of taxes are exempt from the first data protection principle. Domestic purposes. Processing by an individual only for the purposes of that individual's personal, family or household affairs is exempt from all the data protection principles.
Freedom of Information Act The Freedom of Information Act gives you the right to obtain information held by public authorities unless there are good reasons to keep it confidential.
The Basics The Freedom of Information Act deals with access to official information and gives individuals or organisations the right to request information from any public authority. Your Legal Obligations All public authorities and companies wholly owned by public authorities have obligations under the Freedom of Information Act. When responding to requests, they have to follow a number of set procedures.
Guidance The ICO publishes detailed guidance notes that provide organisations and individuals with all the information they need to know about the Freedom of Information Act. Decision Notices A Decision Notice outlines the ICO's final assessment, following a complaint, as to whether or not a public authority has complied with the Act. These are catalogued and available online. Enforcement action will be taken against public authorities that repeatedly fail to meet their responsibilities under the Act.
Example of Data not being protected This story involves a revenge attack on someone's family, where the home address of the couple was obtained through BT's systems. http://news.bbc.co.uk/1/hi/england/nottinghamshire/4821810.stm