2 Why does it exist?Organisations have always kept information about people.The Data Protection Act was in part enacted because of the impact of computer systems.
3 Why does it exist? (cont’d) Computers make it easy to copy informationComputers make it easy to distribute informationComputers make it easy to gather information from different sources in one place
4 What is it for? (cont’d) Not all computer systems are secure This can allow unauthorised access and the possibility of misuseThe Act was brought in to prevent the misuse of personal data
5 The 1998 ActCovers information or data - stored on a computer or an organised paper filing system, about living people.It established the role of the Information CommissionerAll organisations holding personal data must be registered with the Information Commissioner and abide by the laws laid out in the act
6 Personal Data The act sets up two types of personal data: nameaddressmedical detailsbanking details.Sensitive personal data:racial or ethnic originpolitical opinions- religionmembership of a trade unionHealthsexual lifecriminal activityThere are more safeguards about sensitive data than ordinary personal data.
7 Terms in the Act Some key terms are: Data Subject - is someone who has data about them stored somewhere, outside their direct control.Data Controller - the person or organisation that stores personal dataYou will also need to remember the Eight Data Protection Principles…
8 Eight Data Protection Principles Data should be processed fairly and lawfully.Data should be obtained for one or more specified lawful purposes.Data shall be adequate, relevant and not excessive.Data shall be accurate.Data is not kept longer than is necessary for its purpose.Data shall be processed in accordance with subject rightsAppropriate measures shall be taken against unauthorised/unlawful processing, loss, destruction, damage to personal data.Data must not be transferred to countries which do not provide adequate protection
9 Data Subject RightsAccess A data subject has a right to be supplied by a data controller with the personal data held about him or her.Prevent Distress A data subject may prevent the use of information if it would be likely to cause them distress.Prevent Direct Marketing A data subject may stop their data being used in attempts to sell them things (e.g. by junk mail or cold telephone calls.)To be informed about mechanics of automated decision taking process that will significantly affect themPrevent Automatic Decisions A data subject may specify that they do not want a data controller to make "automated" decisions about themTo take action for compensation if they suffer damage by any contravention of the ActTo take action to rectify, block, erase or destroy inaccurate dataTo request the Commissioner to assess whether any provision of the Act has been contravened
10 ExemptionsExemptions into one of two types:CompletePartial
11 Complete Exemptions1. Personal data held for domestic purposes only at home, e.g. a list of your friends' names, birthdays and addresses does not have to keep to the rules.2. Any personal data that is held for a national security reason is not covered. So MI5 or MI6 don't have to follow the rules. They do need to get a Government Minister to sign a certificate saying that they are exempt.
12 Partial ExemptionsThe taxman or police do not have to disclose information held or processed to prevent crime or taxation fraud.A data subject has no right to see information stored about them if it is to do with their health.A school pupil has no right of access to personal files, or to exam results before publication.A data controller can keep data for any length of time if it is being used for statistical, historical or research purposes.Some research by journalists and academics is exempt if it is in the public interest or does not identify individuals.Employment references written by a previous employer are exempt.Planning information about staff in a company is exempt, as it may damage the business to disclose it.
13 Something to think about… The school cleaner notices that her personal details are visible on a secretary’s computer screen after the secretary has gone home. Her telephone number is recorded incorrectly and her address is out of date.Why should the cleaner concerned about this?How has the Data Protection Act been contravened?
14 References BBC Bitesize Information CommissionerLetts EducationLoughborough University
15 GlossaryData Protection Act - A law designed to protect personal data stored on computer.Information Commissioner - The official who supervises the enforcement of the Data Protection Act.data controller - The person or organisation that stores personal data.data subject - The person about whom data is stored.personal data - Information about a particular person.