Published by Reynold Oliver. Modified over 6 years ago
1
Trevor Ellis
Trainee Programmer (1981 – 28 years ago)
Contractor (since 1992 – for 17 years)
… and Master of None!
2
Data Protection Act 1998
European Directive 95/46/EC
Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data
Data Protection Act 1998
Information Commissioner’s Office
Data Protection Act
Freedom of Information Act
plus…
3
Not Legal Advice!
Non-Expert
I deny saying everything
I wasn’t even here today
Information Commissioner’s Office
4
Data Protection Act
Includes rights for individuals re personal data
processors register (notify) with the ICO
processing must comply with 8 Principles
Applies to computer, CCTV, some photographic, and many paper records
5
Only time for a couple…
What rights do individuals have?
What is Personal Data?
What are the Eight Principles?
Who has to Register?
Who is the responsible ‘Data Controller’?
What is the effect on system testing?
What impact of other legislation?
Freedom of Information Act
6
What is Personal Data?
Data that relates to an identifiable living individual (whether in personal or family life, business or profession)
7
Identifiable
Can a living individual be identified from the data itself
or from that data plus other available information reasonably likely to be available
8
Context is Everything
An individual is 'identified' if you have distinguished that individual from other members of a group.
Trevor Ellis
Trevor Ellis + EX15 3XX
.Net Dev Net member + EX15 3XX
9
Context is Everything
The ‘data’ may enable you to identify an individual whose name you do not know and may never intend to discover
Photo of UWE that includes someone standing outside
Photo of shifty looking person standing outside UWE
10
Eight Principles that processing must comply with…
Processed Fairly
Only for specified reasons
Adequate and not excessive
Accurate and up to date
Not held longer than necessary
In accordance with subject’s rights
Kept safe
Not transferred outside EU
11
Principle 1
Personal data shall be processed fairly, lawfully and only as necessary*
* except with the explicit consent of the subject
Necessary
  for the performance of a contract to which the data subject is a party or is seeking to be a party
  the data controller is subject to other legal obligations
  in order to protect the vital interests of the data subject (life and death situations)
Legal – limited by other regulations
  Duty of Confidentiality
  European Convention on Human Rights
  Legitimate expectation - as to how the data controller will use the information
Fair
  Automated processing can be unfair where a program is of poor quality and does not operate as the data controller intended
  Where subject is deceived or misled as to the purpose for which the personal data are to be processed.
12
Principle 2
Personal data shall be obtained only for the specified purpose, and shall not be further processed in any manner incompatible with those purposes
13
Principle 3
Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed
14
Principle 4
Personal data shall be accurate and, where necessary, kept up to date
15
Principle 5
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
16
Principle 6
Personal data shall be processed in accordance with the rights of data subjects under this Act
17
Principle 7 (pt1)
Appropriate technical measures shall be taken to protect personal data*
* against unauthorised or unlawful processing, accidental loss or destruction, and damage
18
Principle 7 (pt2)
Appropriate organisational measures shall be taken to protect personal data*
* against unauthorised processing, accidental loss or destruction, and damage
19
Principle 8
Personal data shall not be transferred to outside the European Economic Area*
* unless that country ensures the same level of protection
20
Summary – www.ico.gov.uk
Eight Principles
Processed Fairly
Only for specified reasons
Adequate and not excessive
Accurate and up to date
Not longer than necessary
In accordance with subject’s rights
Kept safe
Not transferred outside EU