Data protection Act 1998

By Hannah

What is the data protection act?

The Data Protection Act, is a law designed to protect personal data stored on computers or in an organised paper filing system.

Big image

The need for the data protection act.

Databases are easily accessed, searched and edited. It’s also easier to cross reference information stored in two or more databases than if the records were paper-based. The computers on which databases resided were often networked. This allowed for organisation-wide access to databases and offered an easy way to share information with other organisations. Allowing them easily to hack as they wish.

The purpose of the Data Protection Act

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws as often information is held in more than one country.

How the Data Protection Act works

The data protection act was developed to give protection and lay down rules about how data about people can be used.

The 1998 Act covers infomation or data stored on a computer or an organised paper filing system about living people.

The basic way it works is by:

  1. setting up rules that people have to follow
  2. having an Information Commissioner to enforce the rules

The roles of those involved

  1. The Information Commissioner is the person (and his/her office) who has powers to enforce the Act.
  2. A data controller is a person or company that collects and keeps data about people.
  3. A data subject is someone who has data about them stored somewhere, outside of their direct control. For example, a bank stores its customers' names, addresses and phone numbers. This makes us all data subjects as there can be few people in the UK who do not feature in computer records somewhere.

Registration with the Information Commissioner

Any organisation or person who needs to store personal information must apply to register with the Information Commissioner.

Data controllers must declare what information will be stored and how it will be used in advance. This is recorded in the register.

Each entry in the register contains:

  1. The data controller's name and address.
  2. A description of the information to be stored.
  3. What they are going to use the information for.
  4. Whether the data controller plans to pass on the information to other people or organisations.
  5. Whether the data controller will transfer the information outside the UK.
  6. Details of how the data controller will keep the information safe and secure.