Data Protection GCSE ICT Mrs N Steventon-2005

For the GCSE ICT exam, you need to know about the 1998 Act. The Data Protection Act (DPA) is a law designed to protect personal data stored on computer. For the GCSE ICT exam, you need to know about the 1998 Act. Mrs N Steventon-2005

Why was the DPA needed? During the second half of the 20th century computers were getting more powerful and easy to use. Companies, government and other organisations began to use them to store large amounts of information about people, such as their customers, clients and staff. Databases with this information can be quickly set up, searched, edited and accessed and take up less space than paper records. Mrs N Steventon-2005

financial information medical records criminal records Instead of paper records, computers were also being used routinely to keep personal data about people. This information included:- names addresses financial information medical records criminal records employment history Mrs N Steventon-2005

The Concerns…… A number of concerns arose about how all this information could be used:- Could it be easily copied? Could it be changed with little evidence being left? Who could see this information? How accurate was the information? Was it be possible to build up detailed files on people without their knowledge or permission? Mrs N Steventon-2005

So what does the act do? The Data Protection Act was developed to give protection and lay down rules about how data about people can be used. The Data Protection Act 1998 covers: - Information or data - stored on a computer or an organised paper filing system - about living people. Mrs N Steventon-2005

Registration with the Information Commissioner Any organisation or person who needs to store personal information must apply to Register with the Information Commissioner. A register of data controllers is kept detailing the data that will be stored so they have to say in advance what information will be stored and how they will use it. Mrs N Steventon-2005

Personal data and information Some data and information stored on computer disks is personal and needs to be kept confidential. People want to keep their pay, bank details, and medical records private and away from the view of just anybody. If someone who is not entitled to see these details can obtain access without permission it is unauthorised access. Mrs N Steventon-2005

Personal data is about living people and could be: Their name Address Medical details or banking details Mrs N Steventon-2005

'Sensitive' personal data is also about living people, but it includes one or more details of a data subject's: - racial or ethnic origin - political opinions - religion - membership of a trade union - health - sexual life - criminal activity. Mrs N Steventon-2005

The Eight Principles…… For the personal data that controllers store and process: Mrs N Steventon-2005

It must be collected and used fairly and inside the law. It must only be held and used for the reasons given. It can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry. You cannot give it away or sell it unless you said you would to begin with. Mrs N Steventon-2005

(too much) when compared with the purpose stated in the register. The information held must be adequate (enough), relevant and not excessive (too much) when compared with the purpose stated in the register. It must be accurate and be kept up to date. It must not be kept longer than is necessary for the registered purpose. Mrs N Steventon-2005

The information must be kept safe and secure The information must be kept safe and secure. This includes keeping the information backed up and away from any unauthorised access. The files may not be transferred outside of the European Economic Area (that's the EU plus some small European countries) unless the country that the data is being sent to has a suitable data protection law. Mrs N Steventon-2005

Complete exemptions: Any personal data that is held for a national security reason is not covered. So MI5 or MI6 don't have to follow the rules. They do need to get a Government Minister to sign a certificate saying that they are exempt. Personal data held for domestic purposes only at home, e.g. a list of your friends' names, birthdays and addresses does not have to keep to the rules. Mrs N Steventon-2005

Glossary Data Protection Act A law designed to protect personal data stored on computer. Information Commissioner The official who supervises the enforcement of the Data Protection Act. data controller The person or organisation that stores personal data. data subject The person about whom data is stored. personal data Information about a particular person. Mrs N Steventon-2005