Focus on - data protection

Do you ever need to grasp just the essentials of a subject without having to deal with lots of extra confusing, and sometimes conflicting, information?
EduCare Business Skills Online is a set of 15 single module online learning courses that do exactly that - give you the essentials (not the confusing, conflicting information!), so that you can focus only on what you need to know, without any unnecessary jargon.
Read on to learn a little about data protection. What follows is taken from part of the EduCare Business Skills course 'An Introduction to Data Protection'.
Data protection - why all the fuss?
When the Data Protection Act was made law in 1998, many myths abounded about what organisations could or could not do for fear of infringing it and incurring sizeable penalties. However, most of it is just common sense and, typically, most organisations will already have systems in place that comply.
The Act was introduced in response to organisations’ increasing use of computers in the second half of the twentieth century. Before this, most records were typed on an old-fashioned typewriter or handwritten and stored in a paper filing system, which made access to them so much more difficult.
Computers allowed people to easily access, search and edit files on electronic databases. As technology developed, computers were then networked, so potentially everyone in an organisation could access database information, some of it potentially very sensitive. As the number of organisations using computers to store and process personal information grew, people became more aware that information could be misused or fall into the wrong hands.
The Data Protection Act 1998 updated previous data protection law. It was introduced to control the way information is handled and it also gave legal rights to people who have information stored about them.
The primary purpose of the Act is to promote high standards in the handling of personal information and therefore protect an individual’s right to privacy.
The Act is enforced by the Information Commissioner (IC) who keeps a register of organisations that are required to notify them about their information processing activities (details of the types of organisations who must notify can be found at www.ico.gov.uk).
The main 8 requirements of the Act
There are eight data protection principles that together constitute what the IC regards as good information handling.
These are that all personal information about individuals should be:
- Fairly and lawfully processed (the IC describes processing as ‘obtaining, disclosing, recording, holding, using, erasing or destroying personal information’. They also state that: ‘The definition is very wide and will cover virtually any action which is carried out on a computer’).
- Processed for a specified purpose (this means that information can only be used for those purposes the organisation has registered with the IC. It cannot be given away or sold unless an individual has given permission).
- Adequate, relevant and not excessive (when compared with the purpose stated in the register, for example, you must not collect more data than you need to fulfil the task stated in the IC’s register).
- Accurate and, where necessary, kept up-to-date (for example updating people’s names when they marry or their addresses when they move house).
- Not kept for longer than is necessary (information can only be held for specified periods, not indefinitely).
- Processed in line with the rights of the individual (people have a right to know what information is held about them by organisations and they can ask to see it. Individuals also have a right to prevent organisations from using their personal details for marketing purposes).
- Kept secure (meaning backed up and protected from unauthorised access).
- Not transferred to countries outside the European Economic Area unless the information is adequately protected.