The Data Protection Act
By Christopher Beadle
What Is The Data Protection Act
The Data Protection Act is a policy formed by the government in 1998 to protect those people who had data held about them, i.e. the data subjects. The 1998 act controls how personal information is used by organisations, companies, the government or anyone else who holds personal data for non-domestic purposes. It was formed to protect us, as data these days is so easy to access when it is not controlled. If this act had not been formed, your sensitive and personal information could be exposed around the world to millions of people you don't know within a matter of days, and you would not be able to stop it.
Why was 1998 Data Protection Act Introduced
By the late 20th century data was mainly being stored digitally on computers. With the easy accessibility of digital data stored on a computer, it was now much easier to edit and search for the information you desired. Cross-referencing and sharing data was also much easier than when information was just written on paper, as computers are often networked together. With the newfound ability to store information digitally, it was now much easier for information to get into the wrong hands and to be misused. In order to protect people and their privacy, a new policy had to be formed to stop corruption of data and to control how data is used and who has access to it.
What are your rights as a data subject
1) A right of access to personal data held about them. A data subject has a right to be supplied with the personal data held about them by the data controller, who can charge a maximum fee of £10.
2) A right to correct mistakes. A data subject has the right to force the data controller to correct any mistake in information held about them.
3) A right to prevent distress. A data subject may prevent the use of information if it would be likely to cause them any distress.
4) A right to prevent direct marketing. A data subject has the right to stop activity in which their data is being used to sell them things, e.g. spam.
5) A right to prevent automated decisions. A data subject has the right to specify that they do not want the data users to make automated decisions where a computer will decide on, for example, an application for a loan.
6) A right to make complaints to the commissioner. A data subject has the right to ask the data commissioner to review the personal data held about the subject; the commissioner can enforce a ruling using the DPA, if necessary.
7) A right to compensation. A data subject is entitled to claim compensation for any damage caused if any personal data held about them is inaccurate, lost, or disclosed.
The eight principles
1) All data must be collected and used fairly and inside the law
2) Data must only be used for the purposes that have been specifically stated to the data subject
3) Information held must be adequate, relevant and not excessive for the purpose stated
4) All data held about a user must be completely accurate
5) All data must be kept only for as long as absolutely necessary
6) Data must be handled according to the data protection rights of the data subject
7) All data must be kept safe and secured
8) All data must not be transferred outside of the EEA (European Economic Area) unless there are sufficient provisions in place for its protections
Principle 1: All data must be collected and used fairly and inside the law
The data collector must state for what purposes any personal data will be used and how it will be processed. It must also be stated that the information will be sent outside of the EEA (European Economic Area) if that is applicable. People collecting the data must have the subject's full consent to use the data in the way intended.
Principle 2: Data must only be used for the purposes that have been specifically stated to the data subject
After data has been collected it may only be used in the ways that have been specifically stated to the data subject. The data may only be used for the original purpose that it was collected for. The purpose for the data must be reasonable and must obviously be lawful.
Principle 3: Information held must be adequate, relevant and not excessive for the purpose stated
There must be enough data so the information isn't misunderstood; however, there must not be any more information than is necessary to fulfill the purpose stated and for the information to be clear. Information cannot just be collected in case it may be useful later. This principle is important in case information gets into the wrong hands: if information were to be leaked, the personal information exposed would be kept to a minimum.
Principle 4: All data held about a person must be completely accurate
All data held about someone must be accurate, otherwise false information about someone could be spread. The data subject may update and correct the data if it is no longer true or is incorrect, or have someone else update the data. If the data subject requests that personal data be updated, they have to update the data. This principle is important as it could cause lots of damage if incorrect data was exposed.
Principle 5: All data must be kept only for as long as absolutely necessary
This principle means that data handlers cannot keep someone's personal data any longer than necessary. As soon as the data is no longer needed the data handlers need to dispose of it, since the longer someone else has a data subject's personal data, the longer it is at risk.
Principle 6: Data must be handled according to the data protection rights of the data subject
How the data is handled must abide by the rights of the data subject. For example, if the data subject requests to see a copy of the data held about him or her, the request must be answered promptly and the data must be given within 40 days of the request. Data handlers can charge a maximum fee of up to £10 for the copy. It is also important that the information commissioner responds to any complaints from the data subject and takes reasonable action if need be. If the data subject finds a mistake in the information held about him/her and asks for the information to be corrected, the corrections have to be made. It is very important that these data protection rights of the data subject are met, otherwise the subject would have no control over how his/her personal information is handled and what could happen to it.
Principle 7: All data must be kept safe and secured
When handling someone's personal data, security is the highest priority. As a result of nearly all data being stored digitally on computers and nearly all computers being networked with other computers, it is becoming increasingly easy for people to access confidential information. Nowadays people can gain access to highly confidential information from the other side of the world; they can do this via hacking. The data handlers have to set up advanced firewalls and many other security systems to make the chances of someone successfully doing so as small as possible. It is highly important to make sure data is protected as well as possible when exchanging information, especially when exchanges occur via the internet. This is probably the most important principle, since if personal data gets into the possession of the wrong person the data subjects could be put at risk.
Principle 8: All data must not be transferred outside of the EEA (European Economic Area) unless there are sufficient provisions in place for its protections
Since the law is different in places outside of the EU, it is important to take extra care when exchanging data outside of the EU. These exchanges should only take place when they are necessary to fulfill something. It is also essential that the data subject is fully aware of and content with the data transactions taking place. Although it is very important that the data is secure when you have possession of it, it is equally important that the data is going to be safe with the receiving organisation. It is important to make sure there are sufficient protection laws where the data is being sent. Since we cannot control affairs outside of the EU, it is essential that we know the data is going to be safe, because if data does leak outside of the EU, the situation would be completely out of our control.
National security: Government security organisations are completely exempt from the Data Protection Act as it is in the interest of national security and secret intelligence. Therefore MI5 and MI6 are exempt; however, they do need a Government Minister to sign a certificate to say they are exempt.
Domestic Purposes: If information is only being used at home for personal reasons. For example, a list of the addresses of your friends so you know where they live and can visit them; another example would be having your friends' birthdays on your calendar so you do not forget.
A data subject has no right to see information if it is about his/her health. A doctor may refrain from telling a data subject information about their health if they think it is in the patient's interest.
A pupil at a school has no right to access their personal files, or exam results before official publication.
A data controller may keep data for any length of time if it is for research, statistical or historical purposes. For example something like ancestry.com can keep data forever to build up family records.
If research by journalists or academics is in the public interest it is classed as exempt from the DPA.
Taxmen or the police do not have to disclose information held if it is to prevent crime or taxation fraud.
A criminal has no right to see their police files.
VAT investigators do not have to show people their files.