Data Protection Act
The Data Protection Act (1998)
Computer systems now hold the personal information of millions of people. The data protection act helps ensure that this information is protected as much as possible so that it remains private and is not misused.
There are Eight Basic Principles to the Data Protection Act
- It must be collected and used fairly and inside the law.
- It must only be held and used for the reasons given to the Information Commissioner.
- It can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry. You cannot give it away or sell it unless you said you would to begin with.
- The information held must be adequate, relevant and not excessive when compared with the purpose stated in the register. So you must have enough detail but not too much for the job that you are doing with the data.
- It must be accurate and be kept up to date. There is a duty to keep it up to date, for example to change an address when people move.
- It must not be kept longer than is necessary for the registered purpose. It is alright to keep information for certain lengths of time but not indefinitely. This rule means that it would be wrong to keep information about past customers longer than a few years at most.
- The information must be kept safe and secure. This includes keeping the information backed up and away from any unauthorised access. It would be wrong to leave personal data open to be viewed by just anyone.
- The files may not be transferred outside of the European Economic Area (that's the EU plus some small European countries) unless the country that the data is being sent to has a suitable data protection law. This part of the DPA has led to some countries passing similar laws to allow computer data centers to be located in their area.
Watch the video for some more information.
Data Protection... What you need to know
There are a few exemptions where personal data is not protected by the data protection act. For example, national security agencies such as MI5 and MI6 do not have to follow the rules.
Click the link for more information on the Data Protection Act.