Data Protection Act 171 Computers and privacy There are problems as more computers are used There...

Data Protection Act 17 Data Protection Act 17 11

Computers and privacy Computers and privacy There are problems as more computers are usedThere are problems as more computers are used More and more information is stored on computers.More and more information is stored on computers. By linking the information gained by several computers together so it is By linking the information gained by several computers together so it is

possible to build up complete picture of person's life.possible to build up complete picture of person's life. So in this way privacy of a person will become lessSo in this way privacy of a person will become less A person goes to abroad then computer stored these kinds of informationA person goes to abroad then computer stored these kinds of information Example:Example: Travel companies computers data Travel companies computers data Bank’s computers Bank’s computers Travel insurance companiesTravel insurance companies LibraryLibrary


Loyalty cards Loyalty cards Large store chains now have what is called a loyalty card Large store chains now have what is called a loyalty card

schemescheme Each time customer uses the card, points are addedEach time customer uses the card, points are added When the no of points earned reaches a certain value When the no of points earned reaches a certain value

customers are given voucher customers are given voucher Working of Loyalty cardsWorking of Loyalty cards Fills an application formsFills an application forms Customer is given a loyalty card that contain magnetic strip Customer is given a loyalty card that contain magnetic strip When making their purchases the loyalty card links the When making their purchases the loyalty card links the

customers to their purchases customers to their purchases Card adds certain no of points based on their bill and the items Card adds certain no of points based on their bill and the items

bought to the total bought to the total


Store things added few informationStore things added few information What newspaper and magazines you readWhat newspaper and magazines you read What drink u likeWhat drink u like The method of purchaseThe method of purchase Whether u have petrol or gas carWhether u have petrol or gas car What pets you haveWhat pets you have Why electronic stored information is easierWhy electronic stored information is easier Cross referencing Cross referencing Danger of hacking Danger of hacking Making alterationsMaking alterations Faster access to data Faster access to data


Reason behind data protectionReason behind data protection

As more and more information come to be As more and more information come to be stored on computers much of its personal data stored on computers much of its personal data about individuals, there became the need for about individuals, there became the need for some sort of control over the way that it was some sort of control over the way that it was collected and the way it could be used collected and the way it could be used


1998 Data Protection Act1998 Data Protection Act

This act replaces the earlier Data Protection Act 1984This act replaces the earlier Data Protection Act 1984 Covers manually held data not covered by the earlier Covers manually held data not covered by the earlier

Act Act This act covers the processing of data either manually This act covers the processing of data either manually

or by the computeror by the computer This act deal with some of the things that were not This act deal with some of the things that were not

around when the older act was introduced likearound when the older act was introduced like InternetInternet Loyalty cardLoyalty card Use of huge database for marketing purposesUse of huge database for marketing purposes


Eight PrinciplesEight PrinciplesThe Eight Principles

Principle What it means

Personal data should be obtained and processed fairly and lawfully

This means that you should be told that data is being collected about you, and you should know what the data will be used for.

Personal data can be held only for specified and lawful purposes

The Data Controller has to state why they want to collect and store information when they apply for permission to be able to do so. If they use the data they have collected for other purposes, they are breaking the law.

Personal data should be adequate, relevant and not excessive for the required purpose

Organisations should only collect the data that they need and no more. Your school needs to know your parent's phone number in case they need to contact them in an emergency. However, they do not need to know what your grandmother's name is, nor do they need to know your eye co lour. They should not ask, nor should they store such details since this would be excessive and would not be required to help with your education.

Personal data should be accurate and kept up-to-date

Companies should do their best to make sure that they do not record the wrong facts about a data subject. Your school probably asks your parents to check a form once a year to make sure that the phone number and address on the school system is still correct.If a person asks for the information to be changed, the company should comply if it can be proved that the information is indeed incorrect.


Personal data should not be kept for longer than is necessary

Organisations should only keep personal data for a reasonable length of time. Hospitals might need to keep patient records for 25 years or more, that is acceptable since they may need that information to treat an illness later on. However, there is no need for a personnel department to keep the application forms of unsuccessful job applicants.

Data must be processed in accordance with the rights of the data subject

People have the right to inspect the information held on them (except in certain circumstance - see later). If the data being held on them is incorrect, they have the right to have it changed.

Appropriate security measures must be taken against unauthorised access

This means information has to be kept safe from hackers and employees who don't have rights to see it. Data must also be safeguarded against accidental loss.

Personal data cannot be transferred to countries outside the E.U. unless the country has similar legislation to the D.P.A.

This means that if a company wishes to share data with an organisation in a different country, that country must have similar laws to our Data Protection Act in place.

Principles Principles


Sensitive Personal DataSensitive Personal Data The Act mentions data called sensitive personal data, The Act mentions data called sensitive personal data,

which may not be disclosed.which may not be disclosed. This include the following information.This include the following information. Ethnic origin of the data subjects Ethnic origin of the data subjects Their political opinionsTheir political opinions Their religious beliefsTheir religious beliefs Whether or not they are member of a trade union.Whether or not they are member of a trade union. Their physical or mental health conditionTheir physical or mental health condition The commission or alleged commission by them of The commission or alleged commission by them of

any offence any offence


Data SubjectData Subject Every one whether we like it or not is a data subject, because organizations and Every one whether we like it or not is a data subject, because organizations and

companies ,called data users holds personal detailscompanies ,called data users holds personal details Your rights to see personal details about held on computer or manually Your rights to see personal details about held on computer or manually Data Controller:Data Controller: Means a person who determine the purpose for which and the manner in which Means a person who determine the purpose for which and the manner in which

any personal data is processed.any personal data is processed. The data controller is therefore the person who decides what to do with the data The data controller is therefore the person who decides what to do with the data

once it has been entered onto the system.once it has been entered onto the system. Example:Example: If you rent a TV, then your details will be automatically passed the TV licence If you rent a TV, then your details will be automatically passed the TV licence

centre. The driver and Vehicle licence authority is linked to the police National centre. The driver and Vehicle licence authority is linked to the police National computercomputer

Data Data CommissionerCommissioner This is the person who enforces the Data Protection Act. This is the person who enforces the Data Protection Act. This is the person that organisations need to apply to in order to gain This is the person that organisations need to apply to in order to gain

permission to collect and store personal data.permission to collect and store personal data.


People Rights of data subjectsPeople Rights of data subjects A Right of Subject AccessA Right of Subject Access A data subject has a right to be supplied by a A data subject has a right to be supplied by a data controllerdata controller

with the personal data held about him or her. The data with the personal data held about him or her. The data controller can charge for this: usually a few pounds.controller can charge for this: usually a few pounds.

A Right of CorrectionA Right of Correction A data subject may force a data controller to correct any A data subject may force a data controller to correct any

mistakes in the data held about them.mistakes in the data held about them. A Right to Prevent DistressA Right to Prevent Distress A data subject may prevent the use of information if it would A data subject may prevent the use of information if it would

be likely to cause them distress.be likely to cause them distress. A Right to Prevent Direct MarketingA Right to Prevent Direct Marketing A data subject may stop their data being used in attempts to A data subject may stop their data being used in attempts to

sell them things (eg by junk mail or cold telephone calls.)sell them things (eg by junk mail or cold telephone calls.)


A Right to Prevent Automatic DecisionsA Right to Prevent Automatic Decisions A A data subjectdata subject may specify that they do not want a may specify that they do not want a data userdata user to to

make "automated" decisions about them where, through points make "automated" decisions about them where, through points scoring, a computer decides on, for example, a loan scoring, a computer decides on, for example, a loan application.application.

A Right of Complaint to the Information CommissionerA Right of Complaint to the Information Commissioner A A data subjectdata subject can ask for the use of their can ask for the use of their personal datapersonal data to be to be

reviewed by the reviewed by the Information CommissionerInformation Commissioner who can enforce a who can enforce a ruling using the Act. The Commissioner may inspect a ruling using the Act. The Commissioner may inspect a controller's computers to help in the investigation.controller's computers to help in the investigation.

A Right to CompensationA Right to Compensation The data subject is entitled to use the law to get compensation The data subject is entitled to use the law to get compensation

for damage caused ("damages") if personal data about them is for damage caused ("damages") if personal data about them is inaccurate, lost, or disclosed. inaccurate, lost, or disclosed.


Your right as a data subjectYour right as a data subject You have the right to see any personal details about you held on You have the right to see any personal details about you held on

computer or held manually.computer or held manually. You also have the right to a description of the data being You also have the right to a description of the data being

processed.processed. You do not however have the right to see all the information You do not however have the right to see all the information

held about you.held about you. There are following purposesThere are following purposes The prevention or detection of crime.The prevention or detection of crime. Catching or prosecuting offendersCatching or prosecuting offenders Collecting taxes or duty Collecting taxes or duty Medical or social worker's report in some instance.Medical or social worker's report in some instance.

Data Protection Act 171 Computers and privacy There are problems as more computers are used There...

Documents

Transcript of Data Protection Act 171 Computers and privacy There are problems as more computers are used There...