![Page 1: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/1.jpg)
Legal issues
The Data Protection Act 1998
![Page 2: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/2.jpg)
Legal issues
What the Act covers
• The misuse of personal data• By organizations and businesses
![Page 3: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/3.jpg)
Legal issues
The terms used in the Act
You will need to be able to define each of the following terms:
• Personal data – data about a living identifiable person, which is specific to that person
• Data subject – the living individual whom the personal information is about
• Data holder/controller - the person whose responsibility it is in an organization to control the way that personal data is processed
• Information Commissioner – the person responsible for enforcing the Act. They also promote good practice and make everyone aware of the implications of the Act.
![Page 4: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/4.jpg)
Legal issues
Personal data 1
Personal data is:• Data about an
identifiable person• who is living• and is specific to
that person
![Page 5: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/5.jpg)
Legal issues
Personal data 2
Personal data can include:•Date of birth•Medical details•Credit history•Salary•Qualifications•Religious beliefs
![Page 6: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/6.jpg)
Legal issues
Notification by the data holder
The Information Commissioner needs to know that an organization is processing personal informationNotification involves the data holder telling the Information Commissioner what personal data is processed and why it is processed
![Page 7: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/7.jpg)
Legal issues
Subject access
Subjects are able to see information held.Purpose is to let them check it is correct.If information is wrong they can either:• have the right to compensation if they
have occurred loss or injury as a result• have the right to having the information
changed or deleted
![Page 8: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/8.jpg)
Legal issues
Exemptions 1• Where data is used for personal, family
or household use• Where the data is used for preparing
text (e.g., references)• Where the data is being used for the
calculation of pay or pensions• Where data is being used for mailing
lists provided only name and address details are stored
• Where the data is used by a sports or recreational club that is not a limited company.
![Page 9: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/9.jpg)
Legal issues
Exemptions 2
• Data used for the prevention or detection of crime
• Data used for the apprehension or prosecution of offenders
• Data used for the assessment or collection of tax or duty
• Medical records of social worker reports.
![Page 10: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/10.jpg)
Legal issues
The Data Protection Principles
• The Data Protection Act 1998 contains eight Data Protection Principles
• Anyone processing personal information has to process data according to these principles
• You will be asked to list three or more in your exam
![Page 11: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/11.jpg)
Legal issues
Principle 1
Personal data shall be processed fairly and lawfully.
![Page 12: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/12.jpg)
Legal issues
Principle 2
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
![Page 13: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/13.jpg)
Legal issues
Principle 3
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
![Page 14: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/14.jpg)
Legal issues
Principle 4
Personal data shall be accurate and, where necessary, kept up to date.
![Page 15: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/15.jpg)
Legal issues
Principle 5
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
![Page 16: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/16.jpg)
Legal issues
Principle 6
Personal data shall be processed in accordance with the rights of data subjects under this Act.
![Page 17: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/17.jpg)
Legal issues
Principle 7
Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
![Page 18: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/18.jpg)
Legal issues
Principle 8
Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Consider the Cloud!
![Page 19: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/19.jpg)
Legal issues
Rights of the subject
• A Right of Subject AccessA data subject has a right to be supplied by a data controller with the
personal data held about him or her. The data controller can charge for this (usually around £10 pounds).
• A Right of CorrectionA data subject may force a data controller to correct any mistakes in
the data held about them.
A Right to Prevent DistressA data subject may prevent the use of information if it would be likely
to cause them distress.
![Page 20: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/20.jpg)
Legal issues
Rights of the subject• A Right to Prevent Direct MarketingA data subject may stop their data being used in attempts to sell them
things (eg by junk mail or cold calling.)
• A Right to Prevent Automatic DecisionsA data subject may specify that they do not want a data user to make
"automated" decisions about them where, through points scoring, a computer decides on, for example, a loan application.
• A Right of Complaint to the Information CommissionerA data subject can ask for the use of their personal data to be reviewed
by the Information Commissioner who can enforce a ruling using the DPA. The Commissioner may inspect a controller's computers to help in the investigation.
![Page 21: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/21.jpg)
Legal issues
Rights of the subject• A Right to CompensationThe data subject is entitled to use the law to get compensation for
damage caused ("damages") if personal data about them is inaccurate, lost, or disclosed.
![Page 22: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/22.jpg)
Legal issues
Physical Methods to prevent unauthorised access to
computer systems• Locks• Clamps• Alarms• Surveillance• Location
![Page 23: Legal issues The Data Protection Act 1998. Legal issues What the Act covers The misuse of personal data By organizations and businesses](https://reader035.vdocuments.net/reader035/viewer/2022081516/56649f1f5503460f94c3737d/html5/thumbnails/23.jpg)
Legal issues
Data Protection Act Scenarios
• Find three news stories from the internet.
• Write a short paragraph about each stating what the story was about, what principals of the data act was violated and what were the consequences.