The Data Protection Act 1998 in UK Abstract Data protection influences positively attitudes and decision making in people’s everyday life. Understanding the acts and the attitudes, as well as the citizen participant’s motivations is an important component of all of this. Thus, this study examines the special role that data protection has in our everyday life. Within this framework the need for data protection legislation as well as its purpose is examined. Background of the data protection act is a primary factor of the legislation in the area. One of the ways that society might influence all of this is to understand the principles, security and subject rights as well as the penalties of the act.
The need for data protection legislation The Data Protection Act mission was to replace earlier legislation such as Data Protection Act 1984 and to implement the European Data Protection Directive. In some aspects, notably electronic communication and marketing, it has been refined by subsequent legislation for legal reasons. The Privacy and Electronic Communications (EC Directive) Regulations 2003 altered the consent requirement for most electronic marketing to “positive consent” such as an opt in box. Exemptions remain for the marketing of “similar products and services” to existing customers and enquirers, which can still be given permission on an opt out basis.
The Act’s definition of “personal data” covers any data that can be used to identify a living individual. Anonymized or aggregated data is not regulated by the Act, providing the anonymisation or aggregation has not been done in a reversible way. Individuals can be identified by various means including their name and address, telephone number or Email address. The Act applies only to data which is held, or intended to be held, on computers (‘equipment operating automatically in response to instructions given for that purpose’), or held in a ‘relevant filing system’. In some cases even a paper address book can be classified as a ‘relevant filing system’, for example diaries used to support commercial activities such as a salesperson’s diary. The Freedom of Information Act 2000 modified the act for public bodies and authorities, and the Durant case modified the interpretation of the act by providing case law and precedent. The Data Protection Act creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data. The person who has their data processed has the right to:
The background of the Data Protection Act from 1998 lies in 1995 when the European Commission adopted the Data Protection Directive. The basic aim of the Directive was to harmonize data protection legislation throughout the European Union. That was basically the reason why each member state had the obligation to implement it in its national legislation by 24 October 1998.
The Eight Principles of Data Protection – an explanation of each of the eight principles of the Data Protection Act
The data subject (the person whose data is stored) has consented (“given their permission”) to the processing.
In the first principle emphasis is placed on “clear language” because hiding your processing in complex terms is not to be regarded as fair. Neither is it regarded as fair to have a fair processing notice in tiny print at the foot of your form. Lawful means that other relevant laws in connection with the data must be complied with at the same time as the fair processing code. For example, laws such as copyright and the common law of confidentiality.
Principle 2 amplifies Principle 1 by adding that your school must have a very specific reason or purpose for processing data. Further, the data can only be processed for that purpose and no other and what’s more, all other processing must be comparable with the specified purpose. In short, if data are collected for personnel administration then personnel administration is all that you can do with it.
Principle three is especially important in respect of data collection exercises that have been undertaken repeatedly over a long period of time. Often in such cases, the information originally collected becomes embellished with other information that is collected because it might become useful. This is a classic example of excessive and irrelevant data collection.
Principle four states the reasons for having accurate personal data is to avoid inconvenience or even damage or distress. For example, if you need to contact a parent or carer in an emergency, yet do not have the correct telephone number this could result in distress for both parent and child. The Data Protection Act conveys the right to receive compensation where substantial damage or distress takes place so this could also be costly for school.
Principle five has implications in terms of accuracy. The longer you hold “live” files, the longer you will need to ensure that they are accurate. Also, the longer that information is retained after its useful life, the less it becomes relevant and thus inconsistent with the Third Principle. Holding information that no longer has any useful purpose could also be regarded as excessive, which again is inconsistent with the Third Principle.
The sixth principle has implications for how personal information can be used by your school. They are particularly important when it comes to disclosing information, or using information for more than one purpose.
The seventh principle puts main emphasis is on surrounding personal data with a suitable degree of security. This does not just mean security on computer systems (such as password protection and the positioning of screens etc.), it also includes organizational security such as locking filing cabinets wherever possible; clearing confidential files from desks (or at least covering them up); making sure that waste personal data is disposed of confidentially by shredding, etc.
The eighth principle is more profoundly explained in the topics below. Data Security and Subject Rights – the importance of data security, real life cases, what is expected of businesses, how to deal with lost data and subject access requests and data subjects’ rights. Using globalization as a starting point I must state that data security in small, or large companies, in public or private institutions should be built in from the start. That is the reason why that chapter of my study will reveal the way in which global process intersect, overlap and clash when the issue of data storage is concerned. If we have one major company that experiences a serious information breach, then as a consequence we will have millions of people potential victims of identity theft. All these makes sense, because big companies often have access to the personal data of millions of people.
However, the fact is that no matter how big the company is – it is put on risk. When a transcription company that worked with Boston Medical Center suffered from a data breach due to mediocre security measures, it exposed the sensitive medical information of nearly 15,000 patients. While this number is small relative to Target’s massive data breach, it’s still significant—not only to the people whose information was stolen, but also to the transcription company that made the error. Boston Medical Center cut its ties with the company, its reputation was tarnished, and it opened itself up to the possibility of numerous lawsuits and government action.
That is why the data subject’s rights should be addressed. In brief, they state that there exists a right of access to a copy of the information comprised in the personal data; there is a right to prevent processing for the purposes of the direct marketing; there exist the right to object to decisions being taken by automated means and there is a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and a right to claim compensation for damages caused by a breach of the Act.
In order to verify such issues, of course, more empirical simultaneous comparative studies are required. Unfortunately, few studies on the Data Protection Act have adopted comparative approach; most of them used the method of the cabinet study of the Act itself, which gives rise to a certain type of problems. These aspects are even widely considered in the topics below.
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers. You can order our professional work here.