Saturday, November 9, 2019
Data protection Act 1998 Essay
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the EU data protection directive of 1995 which required Member States to protect peopleââ¬â¢s fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves. The 22 August 1998 Act replaced and consolidated earlier legislation such as the Data Protection Act 1984 and the Access to Personal Files Act 1987. At the same time it aimed to implement the European Data Protection Directive. In some aspects, notably electronic communication and marketing, it has been refined by subsequent legislation for legal reasons. The Privacy and Electronic Communications (EC Directive) Regulations 2003 altered the consent requirement for most electronic marketing to ââ¬Å"positive consentâ⬠such as an opt in box. Exemptions remain for the marketing of ââ¬Å"similar products and servicesâ⬠to existing cu stomers and enquirers, which can still be permissioned on an opt out basis. The Actââ¬â¢s definition of ââ¬Å"personal dataâ⬠covers any data that can be used to identify a living individual. Anonymised or aggregated data is not regulated by the Act, providing the anonymisation or aggregation has not been done in a reversible way. Individuals can be identified by various means including their name and address, telephone number or Email address. The Act applies only to data which is held, or intended to be held, on computers (ââ¬Ëequipment operating automatically in response to instructions given for that purposeââ¬â¢), or held in a ââ¬Ërelevant filing systemââ¬â¢. [3] In some cases even a paper address book can be classified as a ââ¬Ërelevant filing systemââ¬â¢, for example diaries used to support commercial activities such as a salespersonââ¬â¢s diary. The Freedom of Information Act 2000 modified the act for public bodies and authorities, and the Durant case modified the interpretation of the act by providing case law and precedent.[4] The Data Protection Act creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data. The person who has their data processed has the right to: [5] View the data an organisation holds on them. A ââ¬Ësubject access requestââ¬â¢ can be obtained for a nominal fee. As of January 2014, the maximum fee is à £2 for requests to credit reference agencies, à £50 for health and educational request, and à £10 per individual otherwise, [6] Request that incorrect information be corrected. If the company ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded. Require that data is not used in any way that may potentially cause damage or distress. Require that their data is not used for direct marketing.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.