2. Summarise the eight principles of the Act
The eight principals of the data protection act are:
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
3. Explain what is meant by sensitive personal data
Sensitive personal data is personal data consisting of information regarding: the racial or ethnic origin of an individual; his political opinions; religious beliefs; trade union membership; physical or mental health; sex life; commission of offences; or court proceedings regarding offences. Where a data controller wishes to process sensitive personal data not only does one of the conditions for processing ordinary personal data require to be met but at least one of the additional conditions for processing sensitive personal data must also be met. The additional conditions include that: the individual has given his explicit consent to the processing; or the processing is necessary for the purposes of exercising or performing any right or obligation imposed by law on the data controller in connection with employment; or the information contained in the personal data has been made public as a result of steps taken by the individual. Remember that only one of the additional conditions must be met. If none of these additional conditions can be met then the processing of sensitive personal data is unlawful.
4. Explain the term data user and describe their responsibilities
A data user is someone that holds personal details about us on their computer system.
5. What are the advantages and disadvantages of transferring personal data between computers of different companies?
The disadvantages of transferring data from one company computer to another company and another computer is that they will use the information on the original computer and use the information they have gotten from the original computer to use it for something that it shouldn’t be used for. The advantages of it however is that the transfer of the data would be immediate and there is no way outside people can tamper with the files.
6. Explain the term data subject and what their rights?
You have the right to see any personal details about you on computer or held manually. You also have the right to a description of the data being processed. This means if you do not understand what the data means, then you can have it explained. You are also entitled to know the logic behind any decision when the decision is made automatically.
7. Using a different source of information find out who/what are fully and partially exempt from the Act. (Include your source)
Domestic information
Research and statistical information
National Security