Processing personal data includes collecting, storing, accessing, changing and destroying any information about you. So this must be done fairly, which means telling the subject why the data is being collected and not obtaining it from third parties You must notify the Data Protection Commissioner of all intended uses of data and any processing must match one of those uses Adequate – meeting the requirements of a task. If someone asks for “Extra” information (for example “Are you married” when booking in to a hotel), just quote Principle 3 when declining If details about individuals change then the data kept must be updated so as to be accurate
Processed in accordance with the data subject’s rights
Not transferred to countries without adequate protection
With regard to retaining data, ask yourself why it needs to be kept beyond a certain date Data Subjects – the individuals to whom the personal data relate Dead persons are not regarded as data subjects Data subjects can notably ask for copies of data held about them . The data controller has a maximum of 40 days in which to respond. But the data subject is also entitled to compensation if (s)he can prove "substantial damage or substantial distress" as a result of improper use of data, or the failure to stop processing when that has been requested. Security is crucial – organisations must enforce ‘Appropriate’ technical and organisational measures against unauthorised or unlawful processing of personal data "Appropriate" means that it must be adequate for the nature of the data in question - but also that it must take account of technological advances (for example, forms of encryption). This has a specific meaning in that it relates to transfers to particular countries, but it also applies nicely to the Web . You can object to having your picture or phone number shown on the web. Without your consent it is illegal.
With few exceptions, all data users have to register with the ICO.
They must give their name and address together with broad descriptions of:
The items of data held
The purpose for which the data are held
Who will have access to the data
The types of organisations to whom the information may be disclosed i.e. shown or passed on to
Any overseas countries or territories to which the data may be transferred.
Information Commissioner’s Office – Maintains a register of data users, which are publicly available. They also have other duties, like, considering complaints about breaches and prosecuting offenders.
The information Commissioner’s Office enforces and oversees the Data Protection Act 1998 and the Freedom of information Act 2000.
The Commissioner Office reports annually to Parliament.
They promote good information handling and provide guidelines.
They investigate complaints (act as Ombudsman) and provide help
Their mission is to:
“ uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We rule on eligible complaints, give guidance to individuals and organisations, and take appropriate action when the law is broken”
Information can be stored on computer and passed on without my permission?
Your consent is not required before information is stored or passed on about you. However, the act requires that the source of the data (usually you) is properly notified about what is happening to the information when it is given.