]> Data Protection Act | Web Developer Reference Blog
«
»

Data Protection Act

The Data Protection Act gives individuals the right to know what information is held about them, and it provides a framework to ensure that personal information is handled properly. This article discusses your rights and the obligations of those who hold personal data.

The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

The second area covered by the Act provides individuals with important rights which must be honoured.

An individual has the right, given 21 days of notice in writing:

  • to prevent processing for purposes of direct marketing, which should be honoured on any order form. It must be incorporated into an database to allow any organisation to honour this on receiving a written request.
  • of access to personal data. Facilities must be supplied to allow an organisation to honour this
  • to prevent processing likely to cause damage or distress. e.g. a generic marketing letter from e-commerce solution which sells personal items

More on personal data supplied

A system created to honour this right must ensure it reveals no personal data, cause threat, harm or distress to any other individual and processed over a secure channel (https). It is up the the organisation to ensure they transmit the data to the individual in a secure manor such as a signed for courier.

Should an individual or organisation feel they’re being denied access to personal information they’re entitled to, or feel their information has not been handled according to the eight principles, they can ask the Information Commissioner to help. Complaints are usually dealt with informally, but if this isn’t possible, enforcement action can be taken.

Tags: Data Protection, UK Law

This entry was posted on Thursday, February 25th, 2010 at 1:03 pm and is filed under Legal. You can leave a response, or trackback from your own site.

Leave a Reply