1 AQA ICT AS Level © Nelson Thornes 2008 1 Data Protection Act

1AQA ICT AS Level © Nelson Thornes 20081AQA ICT AS Level © Nelson Thornes 2008

Data Protection Act


The Data Protection Act sets out to protect personal data belonging to living individuals. It is managed by the Information Commission.

There are some exemptions where the act does not apply, for example:

• you cannot demand to see data that might affect national security or that might hinder police investigations into crimes

• you cannot refuse to allow data collected for the electoral roll to be publicly available.

Provisions

GeoffI will get some kind of icon drawn and instructions to appear explaining that these are links to examples.


•Data subjects are living, identifiable individuals who have data stored about them, for example, you.•Data users are people who hold data about data subjects, for example, your school or college.•Organisations holding personal data must appoint a Data Controller who is responsible for the way data is used.

Provisions



Data must be:• Fairly and lawfully processed• Processed for limited purposes• Adequate, relevant and not excessive• Accurate• Not kept longer than necessary• Processed in accordance with your rights• Kept secure• Not transferred abroad without adequate protection• Please click above to see example or skip to

summary

Provisions



Data subjects must give permission for data to be sold or passed on.

Data is often sold. Companies must have your permission to do this.

Back to menu

Fairly and lawfully processed


Data must be collected for a particular purpose and permission must be sought from the data subject to use it for anything else. If data is to be passed on the company should inform the Information Commissioner

Back to menu

Processed for limited purposes


Organisations can only collect data that is actually needed to provide the services they offer.

They must state what data they intend to collect when they register as data users.

For example, you should not be asked for your National Insurance Number by a mail order company.

Back to menu

Adequate, relevant and not excessive


Financial figures must be accurate. For example, salary level determines the amount that can be borrowed for a mortgage.

That might mean that a person applying for a mortgage might be refused because of the mistake, when the mortgage would normally have been granted.

Back to menu

Accurate


Back to menu

Organisations must destroy data when it is no longer needed although not necessarily straight away.

School records, for example, are usually kept for five years after a student leaves, even paper ones.

Not kept longer than necessary


Data subjects have the right to: • see the data held about them• correct inaccurate data• stop data being processed if it is likely to cause

distress• complain to the Information Commissioner if they

think the rules have been broken• claim compensation if they can prove that

damage or distress has been caused by misuse of their data.

Back to menu

Processed in accordance with your rights


In computer terms this refers to the use of passwords and other security measures such as the encryption of data if sent elsewhere.

Back to menu

Kept secure


Data can only be transmitted to other countries provided they have laws equivalent to the Data Protection Act. Countries within the EU do have them.

Back to menu

Not transferred abroad without adequate protection


The Data Protection Act is designed to prevent inappropriate use of data about individuals.

It is overseen by the Information Commissioner.Data users store data about data subjects.Data users must follow the eight Data Protection Principles.

There are some exemptions to the act, such as national security.

Summary

Documents

1 AQA ICT AS Level © Nelson Thornes 2008 1 Data Protection Act