Data Protection Act

Lesson Objectives

• To understand the data protection act

The Data Protection Act (DPA)

• The Data Protection Act 1998 sets out to protect the privacy of personal information.

• It covers data held on computers and paper

What should data be?

Data must be...

1. fairly and lawfully processed (used) 2. used for limited purposes 3. adequate and relevant. Only what is needed may be used 4. accurate 5. not kept for longer than is necessary 6. accessible to the individual and able to be corrected or

removed where necessary 7. secure 8. not transferred to countries without adequate protection.

Possible Legal Implications if any of the 8 rules are breached

• For serious breaches organisations can be made to pay up to £500000

• The organisation can be prosecuted/fined/sued if the data is stolen and not held securely

• Data held must be protected from lost, so if the data is lost an offence has occurred. Furthermore the organisation will need to tell the person whose data it was.

• The information commissioner can issue the organisation to improve their data security.

• The information commissioner can serve an assessment to investigate their data security.

What are the implications for someone if their data is stolen?

What are the implications for someone if their data is stolen?

• You may need to change some of your details because personal data that is lost may allow access to your bank account

• Steve’s account may get money taken out as Steve’s personal details allow others to impersonate him

How can data be protected?

How can data be protected?

• Antivirus – To protect files from virus’• Access permissions and user accounts – Only

let certain people view files• Password protect files – so people can’t just

open them• Use secure networks – Password protect your

network

Exemptions• Any personal data that is held for a national

security reason is not covered. So MI5 and MI6 don't have to follow the rules.

• The taxman or police do not have to disclose information held or processed to prevent crime or taxation fraud. Criminals cannot see their police files. Tax or VAT investigators do not have to show people their files.

• A school pupil has no right of access to personal files, or to exam results before publication.

The roles of those involved

• A data subject is someone who has data about them stored somewhere, outside of their direct control. e.g. a bank stores its customers' names, addresses and phone numbers.

• A data controller is a person or company that collects and keeps data about people.

• The Information Commissioner is the person (and his/her office) who has powers to enforce the Act.

Questions – Full Sentences (Copy Question)

1. What is an online calendar?2. Give 3 uses for a company using an online

calendar?3. What is the DPA?4. Give 2 possible legal implications for an

organisation if they breach the DPA?5. What can happen if personal details are

stolen?6. How can data be protected?