Data Protection Act

Data Protection Act Year 11 Revision

Objectives By the end of this topic you will be able to: Identify the provisions of the 1998 Data Protection Act Identify the responsibilities of data users Identify the rights of data subjects Identify the full and partial exemptions to the act

Objectives By the end of this Lesson you will be able to: Identify the provisions of the 1998 Data Protection Act ALL – Will know why and when it was introduced MOST – Will define 4 of the principles and explain SOME – Will define 8 of the principles and explain

The Data Protection Act WHY was it introduced? The Data Protection Act grew out of public concern about personal privacy in the face of rapidly developing computer technology. It works in two ways, giving individuals certain rights whilst requiring those who record and use personal information on computer to be open about that use.

The Data Protection Act WHEN was it introduced? The Data Protection Act became law on 12 th July 1984 and was updated in 1998 It states that anyone processing ‘personal data’ must comply with the 8 enforceable principles of good practice.

The Data Protection Principles Data must be: Fairy and lawfully processed Processed for specified purposes Adequate, relevant and not excessive Accurate and, where necessary, up to date

Quick Check Question (objective - ALL) Why was the data protection act introduced? Answer Because the public were concerned about personal privacy in the face of rapidly developing computer technology

Quick Check Question (objective - ALL) When was the data protection act introduced? And when was it updated? Answer Introduced - 12 th July 1984 Updated - 1998

Quick Check Question What is meant by personal data? Answer Information about living identifiable individuals

Quick Check Question (objective - MOST) Tell me the first 4 principles of the Data Protection Act? Answer Data must be: F airy and lawfully processed P rocessed for specified purposes A dequate, relevant and not excessive A ccurate and, where necessary, up to date

The Data Protection Principles Data must be: Not kept longer than necessary Processed in accordance with the data subject’s rights Secure Not transferred to countries without adequate protection

Definitions Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address Data Subjects – The individuals to whom the personal data relate.

Definitions Data Users – Those who control the contents and use of a collection of personal data. They can be any type of company or organisation A data user does not necessarily own a computer

Quick Check Question (objective - Most) Tell me the last 4 principles of the Data Protection Act? Answer Data must be: N ot kept longer than necessary P rocessed in accordance with the data subject’s rights S ecure N ot transferred to countries without adequate protection

Quick Check Question Define Data Subjects? Answer The individuals to whom the personal data relate

Quick Check Question Define Data Users? Answer Those who control the contents and use of a collection of personal data

Data Users With few exceptions, all data users have to register to the Data Protection Registrar. They must give their name and address together with broad descriptions of: The items of data held The purpose for which the data are held Who will have access to the data The types of organisations to whom the information may be disclosed i.e. shown or passed on to Any overseas countries or territories to which the data may be transferred.

The Information Commissioner The information Commissioner enforces and oversees the Data Protection Act 1998 and the Freedom of information Act 2000. The Commissioner reports annually to Parliament. They promote good information handling and provide guidelines. They investigate complaints (act as Ombudsman) and provide help Their mission is to: “ Promote public access to official information and protecting your personal information”

The Rights of Data Subjects Apart from the right to complain to the registrar, data subjects also have a range of rights, these are: Right to compensation for unauthorised disclosure of data Right to compensation for inaccurate data Right to access to data and to reply for rectification or erasure where data are inaccurate Right to compensation for unauthorised access, loss or destruction of data

Exemptions from the Act The act does not apply to payroll, pensions and accounts data; Registration may not be necessary when the data are for personal, family, household or recreational use; Subjects do not have a right to access data if the sole aim of collecting it is for statistical or research purposes;

Exemptions from the Act Data can be disclosed to the data subjects agent (e.g. lawyer or accountant); Additionally, there are exemptions for special categories, including data held: In connection with national security For prevention of crime For the collection of tax or duty

TRUE or FALSE You only have to register with the Data Protection Registrar if you keep sensitive information on computer? FALSE The act does not differentiate between sensitive and non sensitive information. Even a simple name and address might be sensitive in certain circumstances

TRUE or FALSE Information can be stored on computer and passed on without my permission? TRUE Your consent is not required before information is stored or passed on about you. However, the act requires that the source of the data (usually you) is properly notified about what is happening to the information when it is given.

TRUE or FALSE There is one big computer at the registrars office that stores all the information about everyone in the country? FALSE The Registrars office has a register of all the data users and their processing activities.

TRUE or FALSE You have to have a computer to be a data user? FALSE The act defines a data user as the person in control of the contents and use of the information being processed, this could mean manual records too.

TRUE or FALSE ANYONE who holds and processes personal data must comply with the Act? FALSE There are exceptions (e.g. payroll, pensions and accounts data)

Quick Check Question (objective - SOME) Tell me the 8 principles of the Data Protection Act? Answer Data must be: F airy and lawfully processed P rocessed for specified purposes A dequate, relevant and not excessive A ccurate and, where necessary, up to date N ot kept longer than necessary P rocessed in accordance with the data subject’s rights S ecure N ot transferred to countries without adequate protection

Activity/Homework Read through the case study and answer the questions. Give detailed answers (not just one word answers) Come up with a way of remembering the 8 principles of the Data Protection act (not an acronym) F P A A N P S N

F riendly P eople A lways A sk N ice P lonkers S ometimes N ever F airy and lawfully processed P rocessed for specified purposes A dequate, relevant and not excessive A ccurate and, where necessary, up to date N ot kept longer than necessary P rocessed in accordance with the data subject’s rights S ecure N ot transferred to countries without adequate protection

Structure Hand in homework (case study) Introduce test (explain word) TEST Finish PowerPoint Discuss homework 8 principles

TEST Exam conditions – NO TALKING 30 minute test If you have finished you sit quietly and put your hand up. http://www.informationcommissioner.gov.uk/ We will then finish the unit

Data Protection Act

More Related Content

What's hot

Similar to Data Protection Act

More from mrmwood

Recently uploaded

In this document

Data Protection Act