Data Protection Act (1998)
In the 1990s, with more and more organisations using digital technology to store and process personal information, there was a danger this information could be misused. The Data Protection Act of 1998 was designed to tackle this issue.
Data stored electronically is vulnerable as it is very easy to copy it to a removable drive or to email/transfer it via the internet. Individuals who had data stored about them (data subjects) had several concerns:
- Who could access this information?
- How accurate was the information?
- Could it be easily copied?
- Was it possible to store information about a person without that individual's knowledge or permission?
The Data Protection Act aims to safeguard all information held about an individual classified as personal (e.g., name, address, financial details) or sensitive (e.g., ethnicity, political opinion, religion). The act ensures data stored about you is processed fairly and lawfully. For example, there are strict rules as to who can access and alter your health records. Regular checks are made to ensure that the rules of the Data Protection Act are being followed.
Principles of the Data Protection Act:
- Data must be collected and used fairly and inside the law
- Data must only be held and used for the reasons given to the Information Commissioner (the individual responsible for enforcing the Data Protection Act)
- Data can only be used for those registered purposes. You cannot give it away or sell it unless you said you would initially. For example, your school could not sell pupils' data to a book or uniform supplier without permission
- The data held must be acceptable, appropriate and not beyond what is necessary when compared with the purpose for which the data is held
- Data must be accurate and be kept up to date. For example, making sure data subjects' contact numbers are current
- Data must not be kept longer than is necessary. This rule means that it would be wrong to keep information about past customers longer than a few years at most
- Data must be kept safe and secure, for example, personal data should not be left open to be viewed by just anyone
- Data may not be transferred outside of the European Economic Area (the EEA is an area of free trade and free movement of peoples comprising the member states of the European Union, in addition to Norway, Iceland and Liechtenstein; that's the EU plus some small European countries) unless the country where the data is being sent has a suitable and similar data protection law. This part of the Data Protection Act has led to some countries passing compatible laws to allow computer data centres to be located in their jurisdiction