The Data Protection Act, 1998

The ‘right to privacy’ is a right we all expect. We do not expect personal details such as our age, medical records, personal family details and, political and religious beliefs to be freely available to everybody. With the growth of information and communication technology, large databases are able to hold huge quantities of information and global networks are able to share and distribute this information around the world in seconds. To protect people and their personal information, the Data Protection Act was formed. The first Act was made law in 1984 but was replaced by a new Act in 1998 to include the European Union law.

If any person, organisation, company or business wishes to hold personal information about people, they must register with the Office of the Data Protection Commissioner.

The Data Protection Act contains eight basic principles. A summary of these:

be processed fairly and lawfuuly
be obtained for specified and lawful purposes
be adequate, relevant and not excessive for the purpose
be accurate and up-to-date
not be kept longer than necessary
be processed within the rights of data subjects
be kept secure against loss, damage and unauthorised and unlawful processing
not be transferred to countries outside the European Economic ...

This is a preview of the whole essay

If any person, organisation, company or business wishes to hold personal information about people, they must register with the Office of the Data Protection Commissioner.

The Data Protection Act contains eight basic principles. A summary of these:

be processed fairly and lawfuuly
be obtained for specified and lawful purposes
be adequate, relevant and not excessive for the purpose
be accurate and up-to-date
not be kept longer than necessary
be processed within the rights of data subjects
be kept secure against loss, damage and unauthorised and unlawful processing
not be transferred to countries outside the European Economic Area

Personal data

Personal data is data that can identify a living person and allow an opinion to be expressed about that person. For example, just a name and address is not considered personal data. If the data also includes their date of birth nd earnings this is considered personal data.

The data can be further classified as ‘sensitive’ personal data if it includes details of a person’s:

racial or ethnic origins
religious beliefs
their physical or mental health or condition
political opinions
whether members of trade unions
sexual life

One big change between the 1984 version of the Act and the 1998 version is that manual records(not kept on a computer are now subject to legislation)

Rights of Data Subjects

In the sixth of the eight principles shown, the rights of the data subject were mentioned. The rights of individuals have increased substantially in the 1998 Act. The individual can:

be given a copy of the data held
prevent processing of the data if it id likely to cause damage or distress
prevent the data being used for direct marketing
prevent automated decisions being made on the basis of data held
receive compensation for damage and distress caused by use of the data
have data corrected, blocked and erased if inaccurate
make a request to the Data Protection Commissioner if they feel the Act has been contravened

Exemptions

There are exemptions to the Act and exemptions in the rules governing the need to register data. These include data that is: