The Data Protection Act
© Boardworks Ltd 2010
This lesson will cover:
- The purpose of the Data Protection Act.
- What is meant by the terms data user, data subject and data controller.
- The eight guiding principles that data users must follow, and the rights of data subjects.
- Exemptions to the Data Protection Act.
The need for data protection
What is wrong with this picture? Most people would be shocked if this sort of information was displayed in a public place. Why?
What is the Data Protection Act?
The eight guiding principles
There are eight data protection principles. According to the Act, data must be:
1. Processed fairly and lawfully.
2. Processed for a specific purpose.
3. Adequate, relevant and not excessive.
4. Accurate.
5. Kept for no longer than is necessary.
6. Processed in line with the rights of individuals.
7. Kept secure.
8. Not transferred to countries outside the European Economic Area unless there is adequate protection.
Recap
Sensitive data
Subjects and users
Who keeps and provides data?
Responsibilities of data users
Data users must register with the Data Protection Commission. The Information Commissioner’s Office is responsible for regulating the Data Protection Act.
Data users must specify:
- what data they want to store
- what they want to use it for
- how long they will keep it
- who they might pass it on to.
They must also agree to follow the eight Data Protection Principles.
Rights of data subjects
Exemptions to the act
There are a few cases when the Data Protection Act does not apply. These are called exemptions to the act. Some examples include:
- national security – you cannot demand to see your data if national security is at stake
- police investigations – information being used to prevent crime is not covered (though police records are)
- examination results – these are exempt until they are published by the examining bodies.
Breaking the act
Case study
In March 2007, the media reported that a number of high street banks had failed to comply with the Data Protection Act. An investigation was carried out after complaints that banks had been dumping customers’ personal details in bins outside their premises. Details of a bank transfer for £500,000 were allegedly found outside a Nottingham branch of one bank. The Information Commissioner’s Office found that 13 firms had breached the Data Protection Act. Following the investigation, the firms agreed to comply with the act in the future.
How would you react if this happened to your bank details?
Summary
- Slides: 15