[NCBI_ECDL_class] data protection notes etc

  • From: "Joe Lonergan" <joelonergan25@xxxxxxxxxx>
  • To: <ncbi_ecdl_class@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jun 2010 22:16:36 +0100

Data protection act

 The Data Protection Act (1998) 
Because of the increasing amount of personal data that was being collected, the 
Data Protection Act was passed in 1984. It was updated in 1998 because of the 
increasing use of computers to store and distribute the data.

The Data Protection Act is there to protect you - not businesses.

It is there to ensure that data which is collected about you is collected, used 
and stored properly.

 

 Data Protection Terms 
Here are some terms which you need to understand and remember: 

Personal Data
Personal data covers both facts and opinions about a living individual. Facts 
would include name, address, date of birth, marital status or current bank 
balance. Results in examinations, details of driving offences, record of 
medicine prescribed and financial credit rating are further examples of facts 
that could relate to an individual. 

 

Data Subject
This is the person that the data is being collected from or stored about. This 
could be you!



Data User
This is any person who needs to access or use the data as part of their job. 
This could be a secretary who needs to look up your address so that they can 
send a letter home to your parents. It could be your doctor who needs to know 
what allergies you have before prescribing you medicine.

 

Data Controller
This is often the person in charge of the organisation - but it doesn't 
necessarily have to be. 

This person decides what data the organisation needs to collect and what it 
will be used for. 

This is the person who must apply for permission to collect and store data in 
the first place.

 

Data Commissioner
This is the person who enforces the Data Protection Act. 

This is the person that organisations need to apply to in order to gain 
permission to collect and store personal data.

 

10. Eight principles 
Data Controllers must ensure that their organisation follows the eight 
principles of the Data Protection Act when dealing with personal data.

It is unlikely that you will be asked to know all 8 principles by heart, but 
you must have an understanding of them and be able to discuss at least three or 
four of them.

 

The Eight Principles

Principle: Personal data should be obtained and processed fairly and lawfully
What it means: This means that you should be told that data is being collected 
about you, and you should know what the data will be used for.

Principle: Personal data can be held only for specified and lawful purposes
What it means: The Data Controller has to state why they want to collect and 
store information when they apply for permission to be able to do so. If they 
use the data they have collected for other purposes, they are breaking the law.

Principle: Personal data should be adequate, relevant and not excessive for the 
required purpose
What it means: Organisations should only collect the data that they need and no 
more. Your school needs to know your parents' phone number in case they need to 
contact them in an emergency. However, they do not need to know what your 
grandmother's name is, nor do they need to know your eye colour. They should 
not ask, nor should they store such details since this would be excessive and 
would not be required to help with your education.

Principle: Personal data should be accurate and kept up-to-date
What it means: Companies should do their best to make sure that they do not 
record the wrong facts about a data subject. Your school probably asks your 
parents to check a form once a year to make sure that the phone number and 
address on the school system are still correct. If a person asks for the 
information to be changed, the company should comply if it can be proved that 
the information is indeed incorrect.

Principle: Personal data should not be kept for longer than is necessary
What it means: Organisations should only keep personal data for a reasonable 
length of time. Hospitals might need to keep patient records for 25 years or 
more; that is acceptable since they may need that information to treat an 
illness later on. However, there is no need for a personnel department to keep 
the application forms of unsuccessful job applicants.

Principle: Data must be processed in accordance with the rights of the data 
subject
What it means: People have the right to inspect the information held on them 
(except in certain circumstances - see later). If the data being held on them 
is incorrect, they have the right to have it changed.

Principle: Appropriate security measures must be taken against unauthorised 
access
What it means: This means information has to be kept safe from hackers and 
employees who don't have rights to see it. Data must also be safeguarded 
against accidental loss.

Principle: Personal data cannot be transferred to countries outside the E.U. 
unless the country has similar legislation to the D.P.A.
What it means: This means that if a company wishes to share data with an 
organisation in a different country, that country must have similar laws to our 
Data Protection Act in place.

 
