Acts Leading to Data Security- Data Protection
The Data Protection Act 1984 (Updated 1998)
There are 8 principles:
- Data must be fairly and lawfully processed
- Must be processed for limited purposes
- Must be adequate, relative and not excessive
- Must be accurate and up to date
- Must not be kept for longer than is necessary
- Must be processed in line with the public's rights
- Must be kept in a secure environment
- Must not be transferred to other countries without adequate protection
The public have the right to see any information held about themselves (subject access request) and ask that any information that is incorrect is made correct.
It does not apply to payroll, pensions and accounts data or data held for recreational use. Also exemptions include where data is stored in connection with national security, for prevention of crime and collection of tax or duty.
Acts Leading to Data Security- Electronic Communic
The Electronic Communications Act (2000)
There are two main parts:
- Cryptography service provided: This allows the government to set up a register of approved cryptography services.
- Facilitation of electronic commerce data storage: this recognises digital signatures which are now admissable in law.
Benefits are that contracts signed over the internet have the same legality as those signed by hand.
Problems are that it will take a long time for some bodies to accept the signatures, for example when buying or selling a house or making a will.
Acts Leading to Data Security- Freedom of Informat
The Freedom of Information Act (2000)
This means that the public have the right to request information from any public authority by writing to them and the public authority has 20 working days to comply.
The benefits are that information that was not available to the public before the act now is, therefore increasing accountability. The government cannot hide public decisions.
The problems with the act are that requesting information doesn't necessarily mean you will get it: some information may be withheld.
Acts Leading to Data Security- Other Acts
- The Computer Misuse Act (1990)
- The Copyright, Designs and Patents Act (1988)
- The Regulation of Investigatory Powers Act (2000)