Data Protection Act 1998

The Data Protection Act (DPA) 1998
is a law designed to protect personal data stored on computers or in an organised paper filing system.
1 of 18
Information Commissioner
is the person (and his/her office) who has powers to enforce the Act.
2 of 18
Data controller
is a person or company that collects and keeps data about people.
3 of 18
Data subject
is someone who has data about them stored somewhere, outside of their direct control. For example, a bank stores its customers' names, addresses and phone numbers.
4 of 18
How the Data Protection Act works
setting up rules that people have to follow having an Information Commissioner to enforce the rules It does not stop companies storing information about people. It just makes them follow rules.
5 of 18
Each entry in the register contains
Data controller's name and address,description of the information. How the information will be used. If the data controller plans pass information on,If the will be sent abroad, details on how information will be kept safe.
6 of 18
The Eight Principles of Data Protection
It must be collected and used fairly and inside the law.
7 of 18
It must only be held and used for the reasons given to the Information Commissioner.
It can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry. You cannot give it away or sell it unless you said you would to begin with.
8 of 18
The information held must be adequate, relevant and not excessive when compared with the purpose stated in the register. So you must have enough detail but not too much for the job that you are doing with the data.3
It must be accurate and be kept up to date. There is a duty to keep it up to date, for example to change an address when people move.
9 of 18
It must not be kept longer than is necessary for the registered purpose. It is alright to keep information for certain lengths of time but not indefinitely. This rule means that it would be wrong to keep information about past customers longer than a
The information must be kept safe and secure. This includes keeping the information backed up and away from any unauthorised access. It would be wrong to leave personal data open to be viewed by just anyone.
10 of 18
The files may not be transferred outside of the European Economic Area (that's the EU plus some small European countries) unless the country that the data is being sent to has a suitable data protection law.
his part of the DPA has led to some countries passing similar laws to allow computer data centres to be located in their area.
11 of 18
A Right of Subject Access
A data subject has a right to be supplied by a data controller with the personal data held about him or her. The data controller can charge for this (usually around £10 pounds).
12 of 18
A Right of Correction
A data subject may force a data controller to correct any mistakes in the data held about them.
13 of 18
A Right to Prevent Distress
A data subject may prevent the use of information if it would be likely to cause them distress.
14 of 18
A Right to Prevent Direct Marketing
A data subject may stop their data being used in attempts to sell them things (eg by junk mail or cold calling.)
15 of 18
A Right to Prevent Automatic Decisions
A data subject may specify that they do not want a data user to make "automated" decisions about them where, through points scoring, a computer decides on, for example, a loan application.
16 of 18
A Right of Complaint to the Information Commissioner
A data subject can ask for the use of their personal data to be reviewed by the Information Commissioner who can enforce a ruling using the DPA. The Commissioner may inspect a controller's computers to help in the investigation.
17 of 18
A Right to Compensation
The data subject is entitled to use the law to get compensation for damage caused ("damages") if personal data about them is inaccurate, lost, or disclosed.
18 of 18

Other cards in this set

Card 2

Front

is the person (and his/her office) who has powers to enforce the Act.

Back

Information Commissioner

Card 3

Front

is a person or company that collects and keeps data about people.

Back

Preview of the back of card 3

Card 4

Front

is someone who has data about them stored somewhere, outside of their direct control. For example, a bank stores its customers' names, addresses and phone numbers.

Back

Preview of the back of card 4

Card 5

Front

setting up rules that people have to follow having an Information Commissioner to enforce the rules It does not stop companies storing information about people. It just makes them follow rules.

Back

Preview of the back of card 5
View more cards

Comments

No comments have yet been made

Similar ICT resources:

See all ICT resources »See all Operating online resources »