Data protection act new 13 12-11
Published in Education, Technology, Business
Transcript

  • 1. Data Protection Act
  • 2. Objectives
    • By the end of this topic you will be able to:
      • Identify the provisions of the 1998 Data Protection Act
      • Identify the responsibilities of data users
      • Identify the rights of data subjects
      • Identify the full and partial exemptions to the act
  • 3. Objectives
    • By the end of this Lesson you will be able to:
      • Identify the provisions of the 1998 Data Protection Act
        • ALL – Will know why and when it was introduced
        • MOST – Will define 4 of the principles and explain
        • SOME – Will define 8 of the principles and explain
  • 4. The Data Protection Act
    • WHY was it introduced?
    • The Data Protection Act grew out of public concern about personal privacy in the face of rapidly developing computer technology.
    • It works in two ways, giving individuals certain rights whilst requiring those who record and use personal information on computer to be open about that use.
  • 5. The Data Protection Act
    • WHEN was it introduced?
    • The Data Protection Act became law on 12th July 1984 and was updated in 1998.
    • It states that anyone processing ‘personal data’ must comply with the 8 enforceable principles of good practice.
    Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address
  • 6. The Data Protection Principles
    • Data must be:
      • Fairly and lawfully processed
      • Processed for specified purposes
      • Adequate, relevant and not excessive
      • Accurate and, where necessary, up to date
    Processing personal data includes collecting, storing, accessing, changing and destroying any information about you. So this must be done fairly, which means telling the subject why the data is being collected and not obtaining it from third parties.
    You must notify the Data Protection Commissioner of all intended uses of data, and any processing must match one of those uses.
    Adequate – meeting the requirements of a task. If someone asks for “extra” information (for example, “Are you married?” when booking in to a hotel), just quote Principle 3 when declining.
    If details about individuals change, then the data kept must be updated so as to be accurate.
  • 7. Quick Check
    • Question (objective - ALL)
    • Why was the data protection act introduced?
    • Answer
    • Because the public were concerned about personal privacy in the face of rapidly developing computer technology
  • 8. Quick Check
    • Question (objective - ALL)
    • When was the data protection act introduced? And when was it updated?
    • Answer
    • Introduced - 12th July 1984
    • Updated - 1998
  • 9. Quick Check
    • Question
    • What is meant by personal data?
    • Answer
    • Information about living identifiable individuals
  • 10. Quick Check
    • Question (objective - MOST)
    • Tell me the first 4 principles of the Data Protection Act?
    • Answer
      • Data must be:
      • Fairly and lawfully processed
      • Processed for specified purposes
      • Adequate, relevant and not excessive
      • Accurate and, where necessary, up to date
  • 11. The Data Protection Principles
    • Data must be:
      • Not kept longer than necessary
      • Processed in accordance with the data subject’s rights
      • Secure
      • Not transferred to countries without adequate protection
    With regard to retaining data, ask yourself why it needs to be kept beyond a certain date.
    Data Subjects – the individuals to whom the personal data relate. Dead persons are not regarded as data subjects.
    Data subjects can notably ask for copies of data held about them. The data controller has a maximum of 40 days in which to respond. But the data subject is also entitled to compensation if (s)he can prove "substantial damage or substantial distress" as a result of improper use of data, or the failure to stop processing when that has been requested.
    Security is crucial – organisations must enforce ‘appropriate’ technical and organisational measures against unauthorised or unlawful processing of personal data. "Appropriate" means that it must be adequate for the nature of the data in question, but also that it must take account of technological advances (for example, forms of encryption).
    The final principle has a specific meaning in that it relates to transfers to particular countries, but it also applies nicely to the Web. You can object to having your picture or phone number shown on the web. Without your consent it is illegal.
  • 12. Definitions
    • Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address
    • Data Subjects – The individuals to whom the personal data relate.
  • 13. Definitions
    • Data Controller – Those who control the contents and use of a collection of personal data.
      • They can be any type of company or organisation
      • A data controller does not necessarily own a computer
  • 14. Quick Check
    • Question (objective - MOST)
    • Tell me the last 4 principles of the Data Protection Act?
    • Answer
      • Data must be:
      • Not kept longer than necessary
      • Processed in accordance with the data subject’s rights
      • Secure
      • Not transferred to countries without adequate protection
  • 15. Quick Check
    • Question
    • Define Data Subjects?
    • Answer
    • The individuals to whom the personal data relate
  • 16. Quick Check
    • Question
    • Define Data Controller?
    • Answer
    • Those who control the contents and use of a collection of personal data
  • 17. Data Controllers
    • With few exceptions, all data users have to register with the ICO.
    • They must give their name and address together with broad descriptions of:
      • The items of data held
      • The purpose for which the data are held
      • Who will have access to the data
      • The types of organisations to whom the information may be disclosed i.e. shown or passed on to
      • Any overseas countries or territories to which the data may be transferred.
    Information Commissioner’s Office – Maintains a register of data users, which is publicly available. It also has other duties, such as considering complaints about breaches and prosecuting offenders.
  • 18. Information Commissioner’s Office
    • The Information Commissioner’s Office enforces and oversees the Data Protection Act 1998 and the Freedom of Information Act 2000.
    • The Commissioner’s Office reports annually to Parliament.
    • They promote good information handling and provide guidelines.
    • They investigate complaints (act as Ombudsman) and provide help.
    • Their mission is to:
    • “uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We rule on eligible complaints, give guidance to individuals and organisations, and take appropriate action when the law is broken”
    • http://www.ico.gov.uk/about_us.aspx
  • 19.
    • http://www.bbc.co.uk/news/10544520
  • 20. The Rights of Data Subjects
    • Apart from the right to complain to the registrar, data subjects also have a range of rights. These are:
      • Right to compensation for unauthorised disclosure of data
      • Right to compensation for inaccurate data
      • Right of access to data and to apply for rectification or erasure where data are inaccurate
      • Right to compensation for unauthorised access, loss or destruction of data
  • 21. Exemptions from the Act
    • The act does not apply to payroll, pensions and accounts data;
    • Registration may not be necessary when the data are for personal, family, household or recreational use;
    • Subjects do not have a right to access data if the sole aim of collecting it is for statistical or research purposes;
  • 22. Exemptions from the Act
    • Data can be disclosed to the data subject’s agent (e.g. lawyer or accountant);
    • Additionally, there are exemptions for special categories, including data held:
      • In connection with national security
      • For prevention of crime
      • For the collection of tax or duty
  • 23. TRUE or FALSE
    • You only have to register with the Data Protection Registrar if you keep sensitive information on computer?
    • FALSE
    • The act does not differentiate between sensitive and non-sensitive information. Even a simple name and address might be sensitive in certain circumstances.
  • 24. TRUE or FALSE
    • Information can be stored on computer and passed on without my permission?
    • TRUE
    • Your consent is not required before information is stored or passed on about you. However, the act requires that the source of the data (usually you) is properly notified about what is happening to the information when it is given.
  • 25. TRUE or FALSE
    • You have to have a computer to be a data user?
    • FALSE
    • The act defines a data user as the person in control of the contents and use of the information being processed; this could mean manual records too.
  • 26. TRUE or FALSE
    • ANYONE who holds and processes personal data must comply with the Act?
    • FALSE
    • There are exceptions (e.g. payroll, pensions and accounts data)
  • 27. Quick Check
    • Question (objective - ALL)
    • Why was the data protection act introduced?
    • Answer
    • Because the public were concerned about personal privacy in the face of rapidly developing computer technology
  • 28. Quick Check
    • Question (objective - ALL)
    • When was the data protection act introduced? And when was it updated?
    • Answer
    • Introduced - 12th July 1984
    • Updated - 1998
  • 29. Quick Check
    • Question (objective - SOME)
    • Tell me the 8 principles of the Data Protection Act?
    • Answer
      • Data must be:
      • Fairly and lawfully processed
      • Processed for specified purposes
      • Adequate, relevant and not excessive
      • Accurate and, where necessary, up to date
      • Not kept longer than necessary
      • Processed in accordance with the data subject’s rights
      • Secure
      • Not transferred to countries without adequate protection
  • 30. Activity/Homework
    • Come up with a way of remembering the 8 principles of the Data Protection Act (not an acronym)
    • F P A A N P S N
  • 31.
    • Four
    • People
    • And
    • A
    • Noisy
    • Potato
    • Sat
    • Near
      • Fairly and lawfully processed
      • Processed for specified purposes
      • Adequate, relevant and not excessive
      • Accurate and, where necessary, up to date
      • Not kept longer than necessary
      • Processed in accordance with the data subject’s rights
      • Secure
      • Not transferred to countries without adequate protection