• Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  • Level: GCSE
  • Subject: ICT
  • Word count: 3933

The Data Protection Act 1998 - questions and answers

Extracts from this document...


The Data Protection Act 1998 The Data Protection Act 1998 is a security issue. The seventh Data Protection Principle requires adequate security measures to protect personal data; while the eighth Principle prohibits the export of such data to countries outside of the EU that do not have an adequate level of data protection for data subjects (at the moment, this includes the USA). And on top of this, individual company directors can be held liable. Nevertheless, the new Data Protection Act is still little understood - so we asked Elaine McKinney, a solicitor with MacRoberts, to give us an overall picture of this new law. Why do we need a Data Protection law? Due to the explosion in use of computers concerns were expressed that information was being processed about individuals without their knowledge and without the ability to have access to that information or correct it if it was wrong. The Data Protection law attempts to maintain a balance between the rights of individuals and the ability of others to process information about them. What is the law in the UK? The Data Protection Act 1984 will soon be replaced by the Data Protection Act 1998 ('the 1998 Act'). The 1998 Act is being introduced to allow the UK to comply with its European obligations. The UK is late in introducing the new law and no firm date has yet been set for it to become law. So, is the new law in force yet? The 1998 Act is not yet in force. Until it becomes law, there is no requirement to comply with it; but remember, the provisions of the Data Protection Act 1984 still apply. Also, some public bodies which are considered 'emanations of the state' have to comply with the underlying European Directive straight away. Will the law totally change with the 1998 Act? Although there are substantial differences including the application of the law to some manual data not just computerised data, a new category of data called ...read more.


Again this term is not defined in the 1998 Act and is question of fact in each case. The Commissioner has stated that she will take into account a number of factors including how much it would cost the data controller to provide the information weighed against the benefits to the data controller of processing the information. What type of manual information is caught by the 1998 Act? Manual information which is held in a 'relevant filing system' is caught by the 1998 Act. A relevant filing system is defined as any set of information relating to individuals which, although not processed automatically, is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible. The critical point relating to relevant filing systems is the structure of the information within a filing system rather than the nature of the information itself. If specific information relating to a particular individual is readily accessible then the manual information will be caught. There is some confusion over what a relevant filing system actually is however the government believes that the wording covers highly structured systems including card index systems but would not include a ring binder full of information about an employee if specific information about that employee could not be readily accessed. Companies need to have a look at how they hold manual information to see whether this could fall within the definition of a relevant filing system. It should also be remembered that individuals will have the right to see manual data held in a relevant filing system by making a subject access request and companies need to think about setting up procedures to give individuals subject access to manual files. There are transitional provisions under the 1998 Act which mean that not all existing manual files will be caught by the 1998 Act from day one. ...read more.


This assumes that all EEA States will have implemented Directive 95/46 as this provision is drawn from Article 25(1). There is no objective test of adequacy given in either the Directive nor the Act; the level of adequacy has to be determined subjectively as 'one which is adequate in all the circumstances of the case having regard...' to factors similar to the other Data Protection Principles. The adequacy test applied to the recipient country or territory is likely to be the same (or higher) than that imposed by the Act. Where it appears to a Member State that a particular country does not afford an adequate level of protection and the European Commission confirms this, Member States will be required to prohibit the transfer of data to that country. Conclusion The 1998 Act, although built around the provisions of the 1984 Act, constitutes a major departure in some areas. Companies require to look at how they hold and process data and will in particular have to consider how they intend to meet the new conditions for processing of data discussed above. In addition procedures will require to be put in place to deal with subject access requests which, in time, will also apply to manual as well as computerised data. The Act's provisions regarding the prohibition of the transfer of data to countries which do not have an adequate level of protection will have a significant on companies which process or transfer data overseas or which have overseas customers or branches. Much of the Act's terms will require to be fleshed out in subordinate legislation and guidance. Further information can be obtained on the Commissioner's web site at http://www.open.gov.uk/dpr/dprhome.htm. The information contained in this guide is intended to provide a brief overview of the main provisions of the new law. It is of the nature of general comment only and neither purports nor is intended to be advice on any particular matter. Readers should not act on the basis of any of the information contained here without taking appropriate legal advice on their own particular circumstances. ...read more.

The above preview is unformatted text

This student written piece of work is one of many that can be found in our GCSE Legislation & The Legal Framework section.

Found what you're looking for?

  • Start learning 29% faster today
  • 150,000+ documents available
  • Just £6.99 a month

Not the one? Search for your essay title...
  • Join over 1.2 million students every month
  • Accelerate your learning by 29%
  • Unlimited access from just £6.99 per month

See related essaysSee related essays

Related GCSE Legislation & The Legal Framework essays

  1. Marked by a teacher

    Ict and the law

    4 star(s)

    The DPA affects Mr Hulse and Mr James in a similar way. At my high school Mr Hulse is the data manager as is Mr James for his business. Both men must be registered with the data commissioner. The law means that both men must look after the information they collect and store.

  2. Peer reviewed

    The Data Protection Act

    4 star(s)

    How the Data Protection Act affects the community There is also lots of information held about local people in circulation within the community (i.e.

  1. Data Protection Act

    In the Data Protection Act 1998 it was updated legislation and gave employees the right to see the personal files. Organisations are only allowed to keep relevant information on customers for the purpose for which it was collected and not longer than is necessary.

  2. Discussing legislation - Data Protection act, Copyright, Computer Misuse, Health and Safety at Work ...

    * Hacking - unauthorized people gaining access to computer networks * Data Misuse and unauthorized transfer or copying - file sharing * Copying and distributing software, music and film - Including copying CD's on your computer and sharing them on the internet * Email and chat room abuses - Impersonation

  1. The Legislation That Protects Individuals and Groups using IT. Use of It by myself ...

    However, the act does impose the companies to not hide this information in any way. They have to make sure it is noticeable to any users signing up. The act also makes sure that those aiming to use this agreement maliciously, i.e.

  2. 3E-The legislation that protects individuals and groups from the misuse of ICT

    Maria should comply with the organisation and know how and where her personal data is placed. The data protection act can be very beneficial to all including Maria Korelli. This is because it protects people who give out personal details, like their credit card numbers so that the people who

  1. ICT - Data Protection

    The Data Protection Act was developed to give protection and lay down rules about how data about people can be used. Usually this data is stored on a computer. The Data Protection Act 1998 covers: - Information or data - stored on a computer or an organised paper filing system - about living people.

  2. Outline the Data Protection Act and give examples of breaches.

    The longer they hold personal files, the longer they will need to ensure that they are accurate. Also, the longer that information is kept after its needed, the less it becomes relevant. There are no benefits of actually keeping the data for longer than necessary. Data Protection Act Breach 1.

  • Over 160,000 pieces
    of student written work
  • Annotated by
    experienced teachers
  • Ideas and feedback to
    improve your own work