Legal issues The Data Protection Act 1998 Legal

Legal issues The Data Protection Act 1998

Legal issues What the Act covers • The misuse of personal data • By organizations and businesses

Legal issues The terms used in the Act You will need to be able to define each of the following terms: • Personal data – data about a living identifiable person, which is specific to that person • Data subject – the living individual whom the personal information is about • Data holder/controller - the person whose responsibility it is in an organization to control the way that personal data is processed • Information Commissioner – the person responsible for enforcing the Act. They also promote good practice and make everyone aware of the implications of the Act.

Legal issues Personal data 1 Personal data is: • Data about an identifiable person • who is living • and is specific to that person

Legal issues Personal data 2 Personal data can include: • Date of birth • Medical details • Credit history • Salary • Qualifications • Religious beliefs

Legal issues Notification by the data holder The Information Commissioner needs to know that an organization is processing personal information Notification involves the data holder telling the Information Commissioner what personal data is processed and why it is processed

Legal issues Subject access Subjects are able to see information held. Purpose is to let them check it is correct. If information is wrong they can either: • have the right to compensation if they have occurred loss or injury as a result • have the right to having the information changed or deleted

Legal issues Exemptions 1 • Where data is used for personal, family or household use • Where the data is used for preparing text (e. g. , references) • Where the data is being used for the calculation of pay or pensions • Where data is being used for mailing lists provided only name and address details are stored • Where the data is used by a sports or recreational club that is not a limited company.

Legal issues Exemptions 2 • Data used for the prevention or detection of crime • Data used for the apprehension or prosecution of offenders • Data used for the assessment or collection of tax or duty • Medical records of social worker reports.

Legal issues The Data Protection Principles • The Data Protection Act 1998 contains eight Data Protection Principles • Anyone processing personal information has to process data according to these principles • You will be asked to list three or more in your exam

Legal issues Principle 1 Personal data shall be processed fairly and lawfully.

Legal issues Principle 2 Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Legal issues Principle 3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Legal issues Principle 4 Personal data shall be accurate and, where necessary, kept up to date.

Legal issues Principle 5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Legal issues Principle 6 Personal data shall be processed in accordance with the rights of data subjects under this Act.

Legal issues Principle 7 Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Legal issues Principle 8 Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Consider the Cloud!

Legal issues Rights of the subject • A Right of Subject Access A data subject has a right to be supplied by a data controller with the personal data held about him or her. The data controller can charge for this (usually around £ 10 pounds). • A Right of Correction A data subject may force a data controller to correct any mistakes in the data held about them. A Right to Prevent Distress A data subject may prevent the use of information if it would be likely to cause them distress.

Legal issues Rights of the subject • A Right to Prevent Direct Marketing A data subject may stop their data being used in attempts to sell them things (eg by junk mail or cold calling. ) • A Right to Prevent Automatic Decisions A data subject may specify that they do not want a data user to make "automated" decisions about them where, through points scoring, a computer decides on, for example, a loan application. • A Right of Complaint to the Information Commissioner A data subject can ask for the use of their personal data to be reviewed by the Information Commissioner who can enforce a ruling using the DPA. The Commissioner may inspect a controller's computers to help in the investigation.

Legal issues Rights of the subject • A Right to Compensation The data subject is entitled to use the law to get compensation for damage caused ("damages") if personal data about them is inaccurate, lost, or disclosed.

Legal issues Physical Methods to prevent unauthorised access to computer systems • • • Locks Clamps Alarms Surveillance Location

Legal issues Data Protection Act Scenarios • Find three news stories from the internet. • Write a short paragraph about each stating what the story was about, what principals of the data act was violated and what were the consequences.