Data must be... 1.fairly and lawfully processed (used) 2.used for limited purposes 3.adequate and relevant. Only what is needed may be used 4.accurate 5.not kept for longer than is necessary 6.accessible to the individual and able to be corrected or removed where necessary 7.secure 8.not transferred to countries without adequate protection.
Possible Legal Implications if any of the 8 rules are breached For serious breaches organisations can be made to pay up to £500000 The organisation can be prosecuted/fined/sued if the data is stolen and not held securely
Data held must be protected from lost, so if the data is lost an offence has occurred. Furthermore the organisation will need to tell the person whose data it was. The information commissioner can issue the organisation to improve their data security. The information commissioner can serve an assessment to investigate their data security.
What are the implications for someone if their data is stolen?
You may need to change some of your details because personal data that is lost may allow access to your bank account Steve’s account may get money taken out as Steve’s personal details allow others to impersonate him
Antivirus – To protect files from virus’ Access permissions and user accounts – Only let certain people view files Password protect files – so people can’t just open them Use secure networks – Password protect your network
Exemptions Any personal data that is held for a national security reason is not covered. So MI5 and MI6 don't have to follow the rules. The taxman or police do not have to disclose information held or processed to prevent crime or taxation fraud. Criminals cannot see their police files. Tax or VAT investigators do not have to show people their files. A school pupil has no right of access to personal files, or to exam results before publication.
The roles of those involved A data subject is someone who has data about them stored somewhere, outside of their direct control. e.g. a bank stores its customers' names, addresses and phone numbers. A data controller is a person or company that collects and keeps data about people. The Information Commissioner is the person (and his/her office) who has powers to enforce the Act.
Questions – Full Sentences (Copy Question) 1.What is an online calendar? 2.Give 3 uses for a company using an online calendar? 3.What is the DPA? 4.Give 2 possible legal implications for an organisation if they breach the DPA? 5.What can happen if personal details are stolen? 6.How can data be protected?