Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Data Protection Act [1998]

Published byGabriella Spencer Modified over 8 years ago

Similar presentations

Presentation on theme: "The Data Protection Act [1998]"— Presentation transcript:

1 The Data Protection Act [1998]
Lecture 7 – 21st March, 2002 The Data Protection Act [1998] CT218 Professional Issues M. Scheurer, 2002

2 European Union Data Protection
Directive 95/46/EC of the European Parliament Set out principles and required member states’ DP legislation to conform within 3 years Available from European Union Information Society Website: media/index.htm M. Scheurer, 2002 Professional Issues / Lecture

3 The Data Protection Act
The Data Protection Act [1998] (repealed earlier DPA of 1984) Entered into force on 24th October (End of Transitional Period) All computer professionals should know its main provisions Information on the DPA can be found on the website of the Office of the Information Commission (OIC) M. Scheurer, 2002 Professional Issues / Lecture

4 8 Principles of Data Protection
Data must be: 1 fairly and lawfully processed 2 processed for limited purposes 3 adequate, relevant and not excessive 4 accurate 5 not kept longer than necessary 6 processed in accordance with the data subject's rights 7 secure 8 not transferred to countries without adequate protection M. Scheurer, 2002 Professional Issues / Lecture

5 Data Protection Act 1998 cont’d
Computer professionals should also know the main definitions of the act e.g. data subject, data controller, personal data sensitive personal data the main obligations of any holder of personal data how the act applies to different stakeholders (e.g. customers, employees) M. Scheurer, 2002 Professional Issues / Lecture

6 Professional Issues / Lecture
FARSTARS Fair Adequate Rights to know Specific purpose Transfer Accuracy Retention Security  1st Principle of DPA  3rd Principle of DPA  6th Principle of DPA  2nd Principle of DPA  8th Principle of DPA  4th Principle of DPA  5th Principle of DPA  7th Principle of DPA M. Scheurer, 2002 Professional Issues / Lecture

7 Professional Issues / Lecture
Fair collection Personal Data must be obtained Fairly and Lawfully Subject has given consent and/or Processing is necessary For the performance of a contract to which the DS is a party For taking steps at request of DS To protect vital interests of DS Special conditions apply to Sensitive Personal Data See Conditions in Schedule 2 of the Act M. Scheurer, 2002 Professional Issues / Lecture

8 Professional Issues / Lecture
Adequate collection Collect enough personal data for the purpose Don’t collect more than necessary for the purpose M. Scheurer, 2002 Professional Issues / Lecture

9 Professional Issues / Lecture
Rights to know Data subjects can request to see ALL the information you hold on them (system must be able to meet this obligation) Data subjects who have given permission for the Processing or retention of Personal Data may change their mind later M. Scheurer, 2002 Professional Issues / Lecture

10 Professional Issues / Lecture
Specific purpose Personal Data may only be collected for a lawful purpose (e.g. a Sale) Personal Data must not become dissociated from that purpose and used for another purpose (e.g. Direct Marketing) without the consent of the Data Subject (Opt In or Opt Out?) M. Scheurer, 2002 Professional Issues / Lecture

11 Transfer of personal data
Transfer of Personal Data to a country outside the EEA* is only permitted if the country in question offers adequate protection At present only Switzerland meets this requirement Up to date list at *EEA = 15 countries of the European Union Liechtenstein, Norway, Iceland M. Scheurer, 2002 Professional Issues / Lecture

12 Accuracy of personal data
Personal Data must be kept up to date Accuracy is the responsibility of the Data Controller, NOT the Data Subject Data Subjects should be contacted periodically and asked to check that the Personal Data held on them is still valid Data subjects must have a way of correcting incorrect data M. Scheurer, 2002 Professional Issues / Lecture

13 Retention of personal data
Personal Data may only be retained for a limited period Retention period depends on the purpose for which the Personal Data was collected (e.g. Personal Data relating to a Sale might have to be kept for up to 7 years for Tax or VAT purposes whereas Personal Data collected for a competition only needs to be kept as long as necessary for the running of the competition) M. Scheurer, 2002 Professional Issues / Lecture

14 Security of personal data
Duty of care towards Data Subjects Data in the system must be kept safe + secure Data must not be corrupted or lost (protected against viruses, hackers, theft, accidental or malicious damage, etc.) Data must not be available to non authorised people (including in transit) Inside the organisation Outside the organisation See Amazon case M. Scheurer, 2002 Professional Issues / Lecture

15 Professional Issues / Lecture
Case Study - Amazon Background documents US case against Amazon Request from Privacy International to the Information Commissioner to investigate Amazon.co.uk M. Scheurer, 2002 Professional Issues / Lecture

16 Privacy International’s complaint against Amazon.co.uk
Extract* from a letter of 4/12/2000 from Simon Davies, Director of Privacy International, to the Information Commissioner Quote: “On 14 September I wrote to the Managing Director of Amazon.co.uk 1) requesting access to all information relating to me that Amazon holds, 2) declaring my intention to then demand that Amazon then delete that information, and 3) objecting to the transfer of the data to the US His office acknowledged receipt of the letter on 27 October, but I have to date received no further reply. “ *The full text of the letter + the whole exchange of correspondence can be found at M. Scheurer, 2002 Professional Issues / Lecture

17 Data Protection Issues
What are the Data Protection Issues involved? How should a company respond to a similar request (in order to comply with its obligations under the DPA) M. Scheurer, 2002 Professional Issues / Lecture

18 Professional Issues / Lecture
Revising for Exams Lecture Notes and other Material discussed in the Lectures (as distributed and/or available on I: drive) Text book: “Professional Issues in Software Engineering” by Frank Bott et al.  (available in the Library). More specifically, concentrate on Chapters 1,2, 5, 6, 10 and 11, which deal with the material covered (or to be covered) in the Lectures. FARSTARS and the Data Protection Act ( Material available on the web mentioned in the lectures (e.g. in relation to Case Studies) M. Scheurer, 2002 Professional Issues / Lecture

19 Professional Issues / Lecture
Revision for Exams In relation to Case Studies You should be familiar with the case studies mentioned in the lectures and know: What each case is about The parties involved The issues involved The implications of the case for Systems Designers You are not expected to know minor details (such as dates, specific figures, legal references) M. Scheurer, 2002 Professional Issues / Lecture

20 Professional Issues / Lecture
Exam Format Multiple Choice Questions (with negative marking for incorrect answers) Similar (but not identical) to those provided as sample Covering most of the material studied in the Lectures Please Note: Some questions will require more knowledge than can be acquired just by reading and studying the Lecture Notes. This means that in order to answer them correctly, you will have to have studied the relevant chapters of the Text book and/or other handouts and/or the Cases mentioned) M. Scheurer, 2002 Professional Issues / Lecture

Download ppt "The Data Protection Act [1998]"

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,
Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.

Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
Data Protection and Records Management

Data Protection and Records Management
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
3 Is there something I should know? Exercising our rights.

3 Is there something I should know? Exercising our rights.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales  2074 6677  2074 5626 

DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
Data Protection Act. Lesson Objectives To understand the data protection act.

Data Protection Act. Lesson Objectives To understand the data protection act.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
The Legal Framework Can you work out which slide each bullet point should go on?!

The Legal Framework Can you work out which slide each bullet point should go on?!
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

Similar presentations

Ads by Google