Understanding the Data Protection Act 1998
The Data Protection Act 1998 took effect on 1 March 2000 to cover
information processed over the internet, via e-mail and conveyed by telephone
or post. Replacing the Data Protection Act 1984, it seeks to protect business
and individuals' interests in line with the EU Data Protection Directive. It is
controlled by the office of the Data Protection Commissioner, who replaces the
Data Protection Registrar.

The Data Protection Commissioner has issued guidelines based on the
Act which can be accessed at www.dataprotection.gov.uk. A copy of the
Data Protection Act 1998 can be found here.

What should I know?

The data protection legislation regulates the use of personal
information. The 1984 Act's basic principles remain unchanged and include:

- A requirement to register with the Data Protection Registrar
- An obligation to comply with data protection principles
- A person's right to be informed of data held about them
- The subject's right to change or delete such data if it is inaccurate or incorrect
- The subject's right to claim compensation or damages due to loss, destruction, inaccuracy or unauthorised disclosure of personal data
- The registrar's power to issue transfer prohibition notices to prevent transfers of data outside the UK

The new Act's eight data protection principles require that personal
data is:

- Processed fairly and lawfully, unless certain pre-conditions are met
- Only stored for specified and legitimate purposes
- Adequate, relevant and not excessive for serving its purpose
- Accurate and up-to-date
- Not kept for longer than required
- Processed according to the data subject's rights
- Processed in a secure manner with appropriate measures taken against unauthorised use or accidental loss, destruction or damage
- Not transferred to a country or territory outside the European Economic Area unless the data subject's rights are adequately protected

Under the 1998 Act, data is defined as information which is:

(a) automatically processed by equipment operating in response to instructions given for that purpose
(b) is recorded with the intention that it should be processed in this way
(c) is recorded as part of a relevant filing system
(d) does not fall within (a), (b) or (c), but forms part of an accessible record.

All information obtained electronically is data and is covered by the
Act wherever it relates to an identifiable individual.