The Data Protection Act 1998 - questions and answers
Extracts from this essay...
The Data Protection Act 1998 The Data Protection Act 1998 is a security issue. The seventh Data Protection Principle requires adequate security measures to protect personal data; while the eighth Principle prohibits the export of such data to countries outside of the EU that do not have an adequate level of data protection for data subjects (at the moment, this includes the USA). And on top of this, individual company directors can be held liable. Nevertheless, the new Data Protection Act is still little understood - so we asked Elaine McKinney, a solicitor with MacRoberts, to give us an overall picture of this new law. Why do we need a Data Protection law? Due to the explosion in use of computers concerns were expressed that information was being processed about individuals without their knowledge and without the ability to have access to that information or correct it if it was wrong. The Data Protection law attempts to maintain a balance between the rights of individuals and the ability of others to process information about them. What is the law in the UK? The Data Protection Act 1984 will soon be replaced by the Data Protection Act 1998 ('the 1998 Act'). The 1998 Act is being introduced to allow the UK to comply with its European obligations. The UK is late in introducing the new law and no firm date has yet been set for it to become law. So, is the new law in force yet? The 1998 Act is not yet in force. Until it becomes law, there is no requirement to comply with it; but remember, the provisions of the Data Protection Act 1984 still apply. Also, some public bodies which are considered 'emanations of the state' have to comply with the underlying European Directive straight away. Will the law totally change with the 1998 Act? Although there are substantial differences including the application of the law to some manual data not just computerised data, a new category of data called
Again this term is not defined in the 1998 Act and is question of fact in each case. The Commissioner has stated that she will take into account a number of factors including how much it would cost the data controller to provide the information weighed against the benefits to the data controller of processing the information. What type of manual information is caught by the 1998 Act? Manual information which is held in a 'relevant filing system' is caught by the 1998 Act. A relevant filing system is defined as any set of information relating to individuals which, although not processed automatically, is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible. The critical point relating to relevant filing systems is the structure of the information within a filing system rather than the nature of the information itself. If specific information relating to a particular individual is readily accessible then the manual information will be caught. There is some confusion over what a relevant filing system actually is however the government believes that the wording covers highly structured systems including card index systems but would not include a ring binder full of information about an employee if specific information about that employee could not be readily accessed. Companies need to have a look at how they hold manual information to see whether this could fall within the definition of a relevant filing system. It should also be remembered that individuals will have the right to see manual data held in a relevant filing system by making a subject access request and companies need to think about setting up procedures to give individuals subject access to manual files. There are transitional provisions under the 1998 Act which mean that not all existing manual files will be caught by the 1998 Act from day one.
This assumes that all EEA States will have implemented Directive 95/46 as this provision is drawn from Article 25(1). There is no objective test of adequacy given in either the Directive nor the Act; the level of adequacy has to be determined subjectively as 'one which is adequate in all the circumstances of the case having regard...' to factors similar to the other Data Protection Principles. The adequacy test applied to the recipient country or territory is likely to be the same (or higher) than that imposed by the Act. Where it appears to a Member State that a particular country does not afford an adequate level of protection and the European Commission confirms this, Member States will be required to prohibit the transfer of data to that country. Conclusion The 1998 Act, although built around the provisions of the 1984 Act, constitutes a major departure in some areas. Companies require to look at how they hold and process data and will in particular have to consider how they intend to meet the new conditions for processing of data discussed above. In addition procedures will require to be put in place to deal with subject access requests which, in time, will also apply to manual as well as computerised data. The Act's provisions regarding the prohibition of the transfer of data to countries which do not have an adequate level of protection will have a significant on companies which process or transfer data overseas or which have overseas customers or branches. Much of the Act's terms will require to be fleshed out in subordinate legislation and guidance. Further information can be obtained on the Commissioner's web site at http://www.open.gov.uk/dpr/dprhome.htm. The information contained in this guide is intended to provide a brief overview of the main provisions of the new law. It is of the nature of general comment only and neither purports nor is intended to be advice on any particular matter. Readers should not act on the basis of any of the information contained here without taking appropriate legal advice on their own particular circumstances.
Found what you're looking for?
- Start learning 29% faster today
- Over 150,000 essays available
- Just £6.99 a month
- Over 180,000 student essays
- Every subject and level covered
- Thousands of essays marked by teachers