Computing Laws (All)

Data Protection Act - 1998

• Define what companies can do with data that can identify a living person.
• 8 parts - make it harder for companies to use data for the wrong purpose.
• Covers collection, holding and use of data.
• Companies that hold data must adhere to the act or they are breaking the law.
• Must sign up to the Information Commissioners Office

The Eight Parts

Data must be kept secure:

• Main aim. 
• Ensures user safety.
• Companies must protect data.
• Take precautions
• If data is stolen, the person from the company responsible for data protection will be arrested and taken to court.

Data Stored Must be Relevent and not Excessive:

• Only hold relevent data to company porpuse.
• Cannot hold inappropriate data - variation between companies.

Data stored must be Kept no Longer than Necessary:

• only need to hold data for certain amounts of time - variation between companies.
• Not neccessary for data to be kept for years after someone has stopped using the service.

Data must be Accurate and Up to Date:

• Must be up to date e.g. new address when move house.
• Postal or online serveys.
• Down to the client to ensure data is udated whenn change occurs.

Data must be Obtained and Processed Lawfully:

• Ensure data is not collected illegally.
• Puts restraints on how data can be collected and processed.
• If data is attempted to be obtained illegally - company will be prosecuted.

Data must be Obtained and Specified for Lawful Purposes:

• When data is collected it must be clear what it is for.
• Individual can refuse.
• Company must be specific

Data must be…