GCSE Information and Communication Technology


The Data Protection Act

Data is stored somewhere about every aspect of our daily lives. When you are born a birth certificate is created, and when you die, they issue a death certificate. If you use a loyalty card in a shop then the details of your shopping habits are recorded. The school that you go to holds information about you; your bank knows how much money you have; your doctor knows about your health.

A lot of this data is sensitive and we don't want everyone to find out about it. We need to protect this information ... and, for this purpose, there is a law that is in place to protect all the data that relate to our daily lives.

The 1998 Data Protection Act

The Data Protection Act of 1998 replaces the earlier version, which became law in 1984. This is quite a new legal area reflecting the huge changes that have occurred in Information Technology. Fourteen years after the first Data Protection Act became law it had to be updated to include new areas that needed to be considered for our protection: the Internet and Marketing Databases. The Act covers all data processing ... whether you use a computer or simply write things down in a book.

The Act comprises eight main Data Protection Principles:

  1. Personal data shall be processed fairly and lawfully, and this can only happen if:
     • you have given permission to process the data
     • it has to be done to carry out a contract that you have set up
     • the person holding the data has, legally, got to process that data
     • it protects your best interests
     • it helps the justice or governmental procedures

  2. Personal data can only be collected for certain specific purposes ... and can't be used for other purposes
     e.g. your bank can't sell your name and address to marketing companies (unless you agree)

  3. Personal data should be adequate and relevant to the purpose for which it should be used
     e.g. your dentist really only needs to hold details about your teeth and some other medical facts ... if they want to know your bank details - don't tell them (unless you want to)

  4. Personal data should be kept up to date
     e.g. your school keeps details of your exam grades ... if you resit an exam and get different grades then they need to be changed

  5. Personal data shall not be kept for longer than it is required to carry out the process for which it was collected
     e.g. schools need to keep lots of personal details about you while you are there - once you leave these have to be destroyed

  6. Personal data shall be processed with respect to your personal rights under the Data Protection Act

  7. Care must be taken by anyone holding your personal data that it isn't lost or destroyed ... and that it isn't accessible to anyone you haven't authorised
     e.g. you buy some shoes from a shop using a credit card ... that shop must protect your bank details

  8. Anyone holding your personal data should not transfer it out of the European Economic Area unless the country to which it is being transferred is able to ensure that they can offer the same protection as the Data Protection Act

If someone holds data about you then that person is called the data controller and you, in this case, are the data subject. You have the right to see any of your personal details held by a data controller and for them to explain why they are holding it. They have to do this within 40 days of your formal request (though they may charge you).
There is some personal data that you can't demand to see, however. For example, if the data is being used to prevent a crime or prosecute an offender; if it's being used for tax collection; and some medical reports.

Exemptions

If you use personal data you have to register with the Data Protection Commissioner. Failure to do so could lead to a large fine. However, in some cases data controllers are exempt:

  • if the data is just for family or household use (for example, your own address book)
  • if the data is to be used for calculating wages
  • mailing lists (this includes junk mail)
  • if the data is held by a sports club (or similar)

 

Now answer these questions ...

  1. When did the Data Protection Act become law ?
  2. How many Data Protection Principles are there ?
  3. What is the name of the person holding personal data ?
  4. What name is given, legally, to the person whose data is being stored ?
  5. Are there any exemptions to the Data Protection Act ?


© 2003 J Ewart | S Peters