Revision Data Protection Act (Eduardo And Salvador)
Made by: Salvador Palma
What is the Data Protection Act and why was it
What are the eight principles of the Data
Data Protection Act: What rights do we have?
What is an Information Commissioner, Data
Controller and Data Subject?
Are there any exemptions to the Data Protection
The Data Protection Act was developed to give
protection and lay down the rules about how
personal data can be used.
It was created to protect individuals from misuse
of this data. It governs the collection and
processing of data by organisations and the
individual rights to access the data if they wish.
Data must be kept secure.
Data stored must be relevant.
Data stored must be kept no longer than necessary.
Data stored must be kept accurate and up-to-date.
5. Data must be obtained and processed lawfully.
6. Data must be processed within the data subject
7. Data must be obtained and specified for lawful
8. Data must not be transferred to countries without
adequate data protection laws.
To be supplied with the data held about us.
To change incorrect data.
To prevent data being used about us if it will
To stop data being used in attempts to sell us
something if the data was not collected for that
To use the law to gain compensation.
Information Commissioner: Person who has
the power to enforce the Act.
Data Controller: Person or Company that
collects and keeps data about people.
Data Subject: Person who has data about them
stored outside their direct control.
Police can access personal information in order to
The taxman can access personal information to
ensure people pay their taxes.
Any data held for domestic purposes at home e.g.
birthday lists, address books.
Early invasions of privacy was defined as the trespass,
assault, or eavesdropping, but now, all the new
technologies like computers and cell phones have to
be taken into account.
Before many of nowadays technology, people could
be almost certain that they could hold a conversation
privately in a person's home or office and that they
could not be heard by other people. Before the
invention of computer databases, people could have
information safe and secure in a filing cabinet which
is hard to access, but now with the use of
technologies like computers, people can hack
computers and access to a lot of private information.
Modern privacy laws state that the following are considered as the
most important invasions of privacy:
unreasonable intrusion upon the seclusion of another, for example, physical invasion of a
person's home (e.g., unwanted entry, looking into windows with binoculars or camera, tapping
telephone), searching wallet or purse, repeated and persistent telephone calls, obtaining
financial data (e.g., bank balance) without person's consent, etc.
appropriation of a person's name or likeness; successful assertions of this right commonly
involve defendant's use of a person's name or likeness on a product label or in advertising a
product or service. A similar concept is the quot;right of publicityquot; in Restatement (Third) Unfair
Competition §§46-47 (1995). The distinction is that privacy protects against quot;injury to
personal feelingsquot;, while the right of publicity protects against unauthorized commercial
exploitation of a person's name or face. As a practical matter, celebrities generally sue under
the right of publicity, while ordinary citizens sue under privacy.
publication of private facts, for example, income tax data, sexual relations, personal letters,
family quarrels, medical treatment, photographs of person in his/her home.
publication that places a person in a false light, which is similar to defamation. A successful
defamation action requires that the information be false. In a privacy action the information is
generally true, but the information created a false impression about the plaintiff.
Further more, it must be said that the most common and most latent privacy concern is the
second one, also known as identity theft.
surreptitious interception of conversations in a house or hotel room is
eavesdropping. See e.g., N.Y. Penal §§ 250.00, 250.05
one has a right of privacy for contents of envelopes sent via first-class
U.S. Mail. 18 USC § 1702; 39 USC § 3623
one has a right of privacy for contents of telephone conversations,
telegraph messages, or electronic data by wire. 18 USC § 2510 et seq.
one has a right of privacy for contents of radio messages. 47 USC §605
A federal statute denies federal funds to educational institutions that do
not maintain confidentiality of student records, which enforces privacy
rights of students in a backhanded way. 20 USC § 1232g. Commonly
called the Buckley-Pell Amendment to the Family Educational Rights and
Privacy Act. See also Krebs v. Rutgers, 797 F.Supp. 1246 (D.N.J. 1991);
Tombrello v. USX Corp., 763 F.Supp. 541 (N.D.Ala.1991).
Records of sales or rentals of video tapes are confidential. 18 USC §2710
Content of e-mail in public systems are confidential. 18 USC § 2702(a).
Bank records are confidential. 12 USC §3401 et seq.
library records are confidential in some states. e.g., N.Y. CPLR § 4509;
Quad/Graphics, Inc. v. Southern Adirondack Library Sys., 664 N.Y.S.2d
225 (N.Y.Sup.Ct. 30 Sep 1997)
Islam gives great importance to the fundamental human right to
This is evident from the Quran, as some of the verses state:'Do
not spy on one another' (49:12); 'Do not enter any houses except
your own homes unless you are sure of their occupants' consent'
various laws have been declared to be in violation of the
injunctions of Islam by the Federal Shariah Court. The
Constitution of Pakistan, as well as the Pakistani law on Freedom
of Information, recognizes the right to privacy. Despite this, the
main objective of the draft Pakistani Data Protection Law is not to
enshrine the principles of Islam, but to satisfy the requirements
of European Union Directive 95/46, in particular Article 25
thereof, with the hope of ensuring that data will be allowed to
flow freely between the European Union and Pakistan, thus
making Pakistan an attractive market for outsourcing.
In pakistan , the new law has been applied, it
consists on the protection of private facts.
The EDPSA that the subjet being investigated
or of whow data is being collected should be
provided with a notice. This notice will have
to be given to the Certification Council.
(a) name or trade name, and address of the data controller and data
(b) manner of collection of local data
(c) purposes and means of the processing;
(c) description of the data, the location where they are kept and the
categories of data subjects to whom they relate;
(d) limits of data clisclosure aud disseniination
(e) intended transfers of data to any country or teritory outside Pakistan;
(f) general description that allows an assessment of the technical and
organizational measures taken to ensyre data security;
(g) specification of any data filing system which fue processing is related
to, and the connections, if any. with other data processing or data filing
systems. whether within
Pakistan or not;
(h) copy of the contract between data controller aiid data processor;
(i) the capacity and authority of the individual submitting the notice.