The Data Protection Act
The Data Protection Act (1998) came into force on 1st March 2000. It
sets rules for processing personal information and applies to paper
records as well as those held on computers. It was brought out because
computers were getting more powerful and easier to use. Companies,
government and other organisations began to use them to store large
amounts of information about people, such as details of their
customers, clients and staff. Databases with this information can be
quickly set up, searched, edited and accessed, and take up less space
than paper records. Companies also send people's personal data from one
company to another, so there was a danger that someone could try to
access someone's personal details without permission.
The Data Protection Act has 8 principles. They are:
1) It must be collected and used fairly within the law
2) It must only be held and used for the reasons given to the
3) It can only be used for those registered purposes and only be
disclosed to those people mentioned in the register entry. You cannot
give it away or sell it unless you said you would on the form.
4) The information held must be adequate (enough), relevant and not
excessive (too much) when compared with the purpose stated in the
register. So you must have enough detail but not too much for the job
that you are doing with the data.
5) It must be accurate and be kept up to date. There is a duty to keep
it up to date, for example to change an address when you move.
6) It must not be kept longer than is necessary for the registered
purpose. It is all right to keep information for certain lengths of
time but not indefinitely. This rule means that it would be wrong to
keep information about past customers longer than a few years at most.
7) The information must be kept safe and secure. This includes keeping
the information backed up and away from any unauthorised access. It
would be wrong to leave personal data open to be viewed by just anyone.
8) The files may not be transferred outside of the European Economic
Area (that's the EU plus some small European countries) unless the
country that the data is being sent to has a suitable data protection
law. This part of the Act has led to some countries passing similar
laws to allow computer centres to be located in their area.
My school ensures it complies with the DPA (Data Protection Act) in
dealing with students' personal data by only letting trusted members
of staff handle students' personal data. This law works very well
because other companies cannot take anyone else's personal details
without their permission.
There have been many situations where many companies/organisations
have been prosecuted for disobeying the Data Protection Act and here
is an example of an organisation....