Regulation of Personal Information

Daniel Pettitt, Leon Sewell and Matthew Pallot
What is Regulation of Personal Information?
• Government and companies started using computers to
store information such as names, addresses and
telephone numbers.
• This made the information easier to access, and so easier
for the wrong people to get hold of personal data.
• Parliament passed laws to protect this information,
including the Data Protection Act and the Freedom of
Information Act.
Who is Affected?
• The laws cover anyone who has personal information
stored about them. They are referred to as Data
Subjects.
• Any person or company that compiles information about
people is a Data Controller.
• The person in charge of enforcing the laws is the
Information Commissioner.
Data Protection Act
• The Data Protection Act 1998 (DPA) is a United Kingdom Act of
Parliament which defines UK law on the processing of data on
identifiable living people. It is the main piece of legislation that
governs the protection of personal data in the UK.
• It was introduced to bring UK law into line with the European
Directive of 1995 which required Member States to protect people's
fundamental rights and freedoms and in particular their right to
privacy with respect to the processing of personal data.
• In practice it provides a way for individuals to control information
about themselves. Most of the Act does not apply to domestic use,
for example keeping a personal address book. Anyone holding
personal data for other purposes is legally obliged to comply with
this Act, subject to some exemptions.
Personal data
• Data may only be used for the specific purposes for
which it was collected.
• Data must not be disclosed to other parties without the
consent of the individual whom it is about, unless there is
legislation or other overriding legitimate reason.
• Individuals have a right of access to the information
held about them.
• Personal information may be kept for no longer than is
necessary and must be kept up to date.
Data protection principles
• The Data Protection Act creates rights for those who have their data stored, and
responsibilities for those who store, process or collect personal data.
The person who has their data processed has the right to:
• View the data an organization holds on them, for a small fee, known as a 'subject
access fee'.
• Request that incorrect information be corrected. If the company ignores the
request, a court can order the data to be corrected or destroyed, and in some
cases compensation can be awarded.
• Require that data is not used in any way that may potentially cause damage or
distress.
• Require that their data is not used for direct marketing.
Exceptions
• The Act is structured such that all processing of personal data is
covered by the Act, while providing a number of exceptions. Notable
exceptions are:
• National security. Any processing for the purpose of safeguarding
national security is exempt from all the data protection.
• Crime and taxation. Data processed for the prevention or detection
of crime, the apprehension or prosecution of offenders, or the
assessment or collection of taxes are exempt from the first data
protection principle.
• Domestic purposes. Processing by an individual only for the
purposes of that individual's personal, family or household affairs is
exempt from all the data protection principles.
Freedom of Information Act
The Freedom of Information Act gives you the
right to obtain information held by public
authorities unless there are good reasons to
keep it confidential.
• The Basics
The Freedom of Information Act deals with access to
official information and gives individuals or organisations
the right to request information from any public authority.
• Your Legal Obligations
All public authorities and companies wholly owned by
public authorities have obligations under the Freedom of
Information Act. When responding to requests, they have
to follow a number of set procedures.
• Guidance
The ICO publishes detailed guidance notes that provide
organisations and individuals with all the information they
need to know about the Freedom of Information Act.
• Decision Notices
A Decision Notice outlines the ICO's final assessment,
following a complaint, as to whether or not a public
authority has complied with the Act. These are
catalogued and available online. Enforcement action will
be taken against public authorities that repeatedly fail to
meet their responsibilities under the Act.
Example of Data not being protected
• This story involves a revenge attack on someone's
family, where the home address of the couple was
obtained through BT’s systems.
• http://news.bbc.co.uk/1/hi/england/nottinghamshire/4821810.stm