2006-06-20 11:37:08 · 3 answers · asked by Suray K 1 in Politics & Government ➔ Law & Ethics
The Data Protection Act 1984 (DPA) is a British Act of Parliament that provided a legal basis and allowing for the privacy and protection of data of individuals in the UK. It was repealed by the Data Protection Act 1998. The 1984 Act provided for a regulatory authority, the Data Protection Registrar, to oversee the implementation of and adherence to the Act.
The 1984 act was an implementation of the 1981 European Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, and was followed up by the Data Protection Act 1998 which was an implementation of European Union Directive 95/46/EC which, amongst other measures, expanded the remit of the DPR and renamed the position to the Data Protection Commissioner.
According to the provisions of the DPA, data collected by one party to another party may only be used for the specific purposes for which they were collected. Personal data may only be kept for an appropriate length of time and must not be disclosed to other parties without the consent of the data owner. Schools, for example, may decide to keep information on former pupils for no longer than ten years.
Most recently, the Freedom of Information Act 2000 further expanded the role to include freedom of information; the job title of the DPR/DPC was changed once again, this time to Office of the Information Commissioner.
The UK DPA has a reputation for complexity. Whilst the basic principles are honoured for protecting privacy, interpreting the act is not always simple.
The Act covers all personal data which an organisation may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc.
-
Personal data must be:
Processed fairly and lawfully.
Obtained for specified and lawful purposes.
Adequate, relevant and not excessive.
Accurate and up to date.
Not kept any longer than necessary.
Processed in accordance with the "data subject's" (the individual's) rights.
Securely kept.
Not transferred to any other country without adequate protection.
-
In order for data to be classed as 'fairly processed', at least one of these six conditions must be applicable to that data. Note that the legal phrase 'data-subject' simply means 'the individual'.
The data subject has 'consented' ("given their permission") to the processing;
Processing is necessary for 'the performance of' (to speed up the completion of) a contract;
Processing is required under a legal obligation (other than one stated in the contract);
Processing is necessary to protect the vital interests of the data subject's rights;
Processing is necessary to carry out any public functions;
Processing is necessary in order to pursue the legitimate interests of the "data controller" or "third parties" (unless it could unjustifiably prejudice the interests of the data subject).
2006-06-20 11:45:59 · answer #1 · answered by The Techie 4 · 0⤊ 0⤋
The Data Protection Act (1984) essentially refers to the fact that unless otherwise given permission, companies must not divulge information about its customers, or those people stored on its database, unless there is a legitimate reason why it must do so to perform its business. Additionally, it means that firms must store and transmit information responsibly such that security of the data cannot be compromised. Any of the other legal nonsense surrounding the DPA is fluff, and honestly not really that important.
2006-06-20 11:42:12 · answer #2 · answered by Anonymous · 0⤊ 0⤋
In brief: you can not disclose any information that may identify a person e.g name, address dob etc. A few other crucial points are:
businesses should only hold on to information they actually need,
information that is no longer required should be deleted or destroyed as soon as possible
the information must be accurate and up to date
the information must be held securely
businesses must observe the subject's rights
Anyone is able to access their own records but not that of anyone else.
I work with the public and when we are giving out information, ubncluding appointment times, we have to be sure or who we are talking to by getting them to confirm their dob, post code and one other piece of information picked at random. the DPA is is absolutely critical to stick to as a breach could result in closure of a business and imprisonment (i know someone who was imprisoned for 2 years for breach of the DPA).
2006-06-22 04:59:05 · answer #3 · answered by willowbee 4 · 0⤊ 0⤋