1. Data Protection Act 17 1
Computers and privacy
There are problems as more computers are used
More and more information is stored on computers.
By linking the information gained by several computers together so it is
possible to build up complete picture of person's life.
So in this way privacy of a person will become less
A person goes to abroad then computer stored these kinds of information
Example:
Travel companies computers data
Bank’s computers
Travel insurance companies
Library
2. Data Protection Act 17 2
Loyalty cards
Large store chains now have what is called a loyalty card
scheme
Each time customer uses the card, points are added
When the no of points earned reaches a certain value
customers are given voucher
Working of Loyalty cards
Fills an application forms
Customer is given a loyalty card that contain magnetic strip
When making their purchases the loyalty card links the
customers to their purchases
Card adds certain no of points based on their bill and the items
bought to the total
3. Data Protection Act 17 3
Store things added few information
What newspaper and magazines you read
What drink u like
The method of purchase
Whether u have petrol or gas car
What pets you have
Why electronic stored information is easier
Cross referencing
Danger of hacking
Making alterations
Faster access to data
4. Data Protection Act 17 4
Reason behind data protection
As more and more information come to be
stored on computers much of its personal data
about individuals, there became the need for
some sort of control over the way that it was
collected and the way it could be used
5. Data Protection Act 17 5
1998 Data Protection Act
This act replaces the earlier Data Protection Act 1984
Covers manually held data not covered by the earlier
Act
This act covers the processing of data either manually
or by the computer
This act deal with some of the things that were not
around when the older act was introduced like
Internet
Loyalty card
Use of huge database for marketing purposes
6. Data Protection Act 17 6
Eight Principles
The Eight Principles
Principle What it means
Personal data should be obtained and
processed fairly and lawfully
This means that you should be told that data is being collected about
you, and you should know what the data will be used for.
Personal data can be held only for specified
and lawful purposes
The Data Controller has to state why they want to collect and store
information when they apply for permission to be able to do so.
If they use the data they have collected for other purposes, they
are breaking the law.
Personal data should be adequate, relevant
and not excessive for the required
purpose
Organisations should only collect the data that they need and no
more. Your school needs to know your parent's phone number
in case they need to contact them in an emergency. However,
they do not need to know what your grandmother's name is, nor
do they need to know your eye co lour. They should not ask,
nor should they store such details since this would be excessive
and would not be required to help with your education.
Personal data should be accurate and kept
up-to-date
Companies should do their best to make sure that they do not record
the wrong facts about a data subject. Your school probably asks
your parents to check a form once a year to make sure that the
phone number and address on the school system is still
correct.If a person asks for the information to be changed, the
company should comply if it can be proved that the information
is indeed incorrect.
7. Data Protection Act 17 7
Personal data should not be kept
for longer than is necessary
Organisations should only keep personal data for a
reasonable length of time. Hospitals might need to keep
patient records for 25 years or more, that is acceptable
since they may need that information to treat an illness
later on. However, there is no need for a personnel
department to keep the application forms of unsuccessful
job applicants.
Data must be processed in
accordance with the rights of the data
subject
People have the right to inspect the information held on
them (except in certain circumstance - see later). If the
data being held on them is incorrect, they have the right to
have it changed.
Appropriate security measures must
be taken against unauthorised access
This means information has to be kept safe from hackers
and employees who don't have rights to see it. Data must
also be safeguarded against accidental loss.
Personal data cannot be transferred to
countries outside the E.U. unless the
country has similar legislation to the
D.P.A.
This means that if a company wishes to share data with an
organisation in a different country, that country must have
similar laws to our Data Protection Act in place.
Principles
8. Data Protection Act 17 8
Sensitive Personal Data
The Act mentions data called sensitive personal data,
which may not be disclosed.
This include the following information.
Ethnic origin of the data subjects
Their political opinions
Their religious beliefs
Whether or not they are member of a trade union.
Their physical or mental health condition
The commission or alleged commission by them of
any offence
9. Data Protection Act 17 9
Data Subject
Every one whether we like it or not is a data subject, because organizations and
companies ,called data users holds personal details
Your rights to see personal details about held on computer or manually
Data Controller:
Means a person who determine the purpose for which and the manner in which
any personal data is processed.
The data controller is therefore the person who decides what to do with the data
once it has been entered onto the system.
Example:
If you rent a TV, then your details will be automatically passed the TV licence
centre. The driver and Vehicle licence authority is linked to the police National
computer
Data Commissioner
This is the person who enforces the Data Protection Act.
This is the person that organisations need to apply to in order to gain permission
to collect and store personal data.
10. Data Protection Act 17 10
People Rights of data subjects
A Right of Subject Access
A data subject has a right to be supplied by a data controller
with the personal data held about him or her. The data
controller can charge for this: usually a few pounds.
A Right of Correction
A data subject may force a data controller to correct any
mistakes in the data held about them.
A Right to Prevent Distress
A data subject may prevent the use of information if it would
be likely to cause them distress.
A Right to Prevent Direct Marketing
A data subject may stop their data being used in attempts to
sell them things (eg by junk mail or cold telephone calls.)
11. Data Protection Act 17 11
A Right to Prevent Automatic Decisions
A data subject may specify that they do not want a data user
to make "automated" decisions about them where, through
points scoring, a computer decides on, for example, a loan
application.
A Right of Complaint to the Information Commissioner
A data subject can ask for the use of their personal data to be
reviewed by the Information Commissioner who can enforce a
ruling using the Act. The Commissioner may inspect a
controller's computers to help in the investigation.
A Right to Compensation
The data subject is entitled to use the law to get compensation
for damage caused ("damages") if personal data about them is
inaccurate, lost, or disclosed.
12. Data Protection Act 17 12
Your right as a data subject
You have the right to see any personal details about you held on
computer or held manually.
You also have the right to a description of the data being
processed.
You do not however have the right to see all the information
held about you.
There are following purposes
The prevention or detection of crime.
Catching or prosecuting offenders
Collecting taxes or duty
Medical or social worker's report in some instance.