data protection act
DESCRIPTION
TRANSCRIPT
Data Protection ActData Protection Act
Year 11 RevisionYear 11 Revision
ObjectivesObjectives
By the end of this topic you will be able to:By the end of this topic you will be able to:
Identify the provisions of the 1998 Data Identify the provisions of the 1998 Data Protection ActProtection Act
Identify the responsibilities of data usersIdentify the responsibilities of data users Identify the rights of data subjectsIdentify the rights of data subjects Identify the full and partial exemptions to the Identify the full and partial exemptions to the
actact
ObjectivesObjectives
By the end of this Lesson you will be able By the end of this Lesson you will be able to:to:
Identify the provisions of the 1998 Data Identify the provisions of the 1998 Data Protection ActProtection Act
ALL – Will know why and when it was introducedALL – Will know why and when it was introduced
MOST – Will define 4 of the principles and explainMOST – Will define 4 of the principles and explain
SOME – Will define 8 of the principles and explainSOME – Will define 8 of the principles and explain
The Data Protection ActThe Data Protection Act
WHY was it introduced?WHY was it introduced?
The Data Protection Act grew out of public The Data Protection Act grew out of public concern about personal privacy in the face of concern about personal privacy in the face of rapidly developing computer technology.rapidly developing computer technology.
It works in two ways, giving individuals certain It works in two ways, giving individuals certain rights whilst requiring those who record and use rights whilst requiring those who record and use personal information on computer to be open personal information on computer to be open about that use.about that use.
The Data Protection ActThe Data Protection Act
WHEN was it introduced?WHEN was it introduced?
The Data Protection Act became law on The Data Protection Act became law on 1212thth July 1984 and was updated in 1998 July 1984 and was updated in 1998
It states that anyone processing It states that anyone processing ‘personal ‘personal data’data’ must comply with the must comply with the 88 enforceable enforceable principles of good practice.principles of good practice.
The Data Protection PrinciplesThe Data Protection Principles
Data must be:Data must be:1.1. Fairy and lawfully processedFairy and lawfully processed
2.2. Processed for specified purposesProcessed for specified purposes
3.3. Adequate, relevant and not excessiveAdequate, relevant and not excessive
4.4. Accurate and, where necessary, up to dateAccurate and, where necessary, up to date
Quick CheckQuick Check
Question Question (objective - ALL)(objective - ALL)
Why was the data protection act Why was the data protection act introduced?introduced?
AnswerAnswer
Because the public were concerned about Because the public were concerned about personal privacy in the face of rapidly personal privacy in the face of rapidly developing computer technologydeveloping computer technology
Quick CheckQuick Check
Question Question (objective - ALL)(objective - ALL)
When was the data protection act When was the data protection act introduced? And when was it updated?introduced? And when was it updated?
AnswerAnswer
Introduced - 12Introduced - 12thth July 1984 July 1984
Updated - 1998Updated - 1998
Quick CheckQuick Check
QuestionQuestion
What is meant by personal data?What is meant by personal data?
AnswerAnswer
Information about living identifiable Information about living identifiable individualsindividuals
Quick CheckQuick Check
Question Question (objective - MOST)(objective - MOST)
Tell me the first 4 principles of the Data Tell me the first 4 principles of the Data Protection Act?Protection Act?
AnswerAnswer Data must be:Data must be:1.1. FFairy and lawfully processedairy and lawfully processed2.2. PProcessed for specified purposesrocessed for specified purposes3.3. AAdequate, relevant and not excessivedequate, relevant and not excessive4.4. AAccurate and, where necessary, up to dateccurate and, where necessary, up to date
The Data Protection PrinciplesThe Data Protection Principles
Data must be:Data must be:5.5. Not kept longer than necessaryNot kept longer than necessary
6.6. Processed in accordance with the data Processed in accordance with the data subject’s rightssubject’s rights
7.7. SecureSecure
8.8. Not transferred to countries without Not transferred to countries without adequate protectionadequate protection
DefinitionsDefinitions
Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address
Data Subjects – The individuals to whom the personal data relate.
DefinitionsDefinitions
Data Users – Those who control the contents and use of a collection of personal data.
They can be any type of company or organisation
A data user does not necessarily own a computer
Quick CheckQuick Check
Question Question (objective - Most)(objective - Most)
Tell me the last 4 principles of the Data Tell me the last 4 principles of the Data Protection Act?Protection Act?
AnswerAnswer Data must be:Data must be:5.5. NNot kept longer than necessaryot kept longer than necessary6.6. PProcessed in accordance with the data subject’s rocessed in accordance with the data subject’s
rightsrights7.7. SSecureecure8.8. NNot transferred to countries without adequate ot transferred to countries without adequate
protectionprotection
Quick CheckQuick Check
QuestionQuestion
Define Data Subjects?Define Data Subjects?
AnswerAnswer
The individuals to whom the personal data relate
Quick CheckQuick Check
QuestionQuestion
Define Data Users?Define Data Users?
AnswerAnswer
Those who control the contents and use of a collection of personal data
Data UsersData Users
With few exceptions, all data users have to With few exceptions, all data users have to register to the Data Protection Registrar.register to the Data Protection Registrar.
They must give their name and address together They must give their name and address together with broad descriptions of:with broad descriptions of:
The items of data heldThe items of data held The purpose for which the data are heldThe purpose for which the data are held Who will have access to the dataWho will have access to the data The types of organisations to whom the informationThe types of organisations to whom the information
may be disclosed i.e. shown or passed on tomay be disclosed i.e. shown or passed on to Any overseas countries or territories to which the data Any overseas countries or territories to which the data
may be transferred.may be transferred.
The Information CommissionerThe Information Commissioner
The information Commissioner enforces and oversees the Data The information Commissioner enforces and oversees the Data Protection Act 1998 and the Freedom of information Act 2000.Protection Act 1998 and the Freedom of information Act 2000.
The Commissioner reports annually to Parliament. The Commissioner reports annually to Parliament.
They promote good information handling and provide guidelines.They promote good information handling and provide guidelines.
They investigate complaints (act as Ombudsman) and provide helpThey investigate complaints (act as Ombudsman) and provide help
Their mission is to:Their mission is to:
““Promote public access to official information and protecting your Promote public access to official information and protecting your personal information”personal information”
The Rights of Data SubjectsThe Rights of Data Subjects
Apart from the right to complain to the registrar, Apart from the right to complain to the registrar, data subjects also have a range of rights, these data subjects also have a range of rights, these are:are:
Right to compensation for unauthorised disclosure of Right to compensation for unauthorised disclosure of datadata
Right to compensation for inaccurate dataRight to compensation for inaccurate data Right to access to data and to reply for rectification or Right to access to data and to reply for rectification or
erasure where data are inaccurateerasure where data are inaccurate Right to compensation for unauthorised access, loss Right to compensation for unauthorised access, loss
or destruction of dataor destruction of data
Exemptions from the ActExemptions from the Act
The act does not apply to payroll, pensions and The act does not apply to payroll, pensions and accounts data;accounts data;
Registration may not be necessary when the Registration may not be necessary when the data are for personal, family, household or data are for personal, family, household or recreational use;recreational use;
Subjects do not have a right to access data if the Subjects do not have a right to access data if the sole aim of collecting it is for statistical or sole aim of collecting it is for statistical or research purposes;research purposes;
Exemptions from the ActExemptions from the Act
Data can be disclosed to the data subjects Data can be disclosed to the data subjects agent (e.g. lawyer or accountant);agent (e.g. lawyer or accountant);
Additionally, there are exemptions for Additionally, there are exemptions for special categories, including data held:special categories, including data held:
In connection with national securityIn connection with national security For prevention of crimeFor prevention of crime For the collection of tax or dutyFor the collection of tax or duty
TRUE or FALSETRUE or FALSE
You only have to register with the Data You only have to register with the Data Protection Registrar if you keep sensitive Protection Registrar if you keep sensitive information on computer?information on computer?
FALSEFALSE
The act does not differentiate between sensitive and non The act does not differentiate between sensitive and non sensitive information. Even a simple name and address sensitive information. Even a simple name and address might be sensitive in certain circumstancesmight be sensitive in certain circumstances
TRUE or FALSETRUE or FALSE
Information can be stored on computer and Information can be stored on computer and passed on without my permission?passed on without my permission?
TRUETRUE
Your consent is not required before information is stored Your consent is not required before information is stored or passed on about you. However, the act requires that or passed on about you. However, the act requires that the source of the data (usually you) is properly notified the source of the data (usually you) is properly notified about what is happening to the information when it is about what is happening to the information when it is given.given.
TRUE or FALSETRUE or FALSE
There is one big computer at the registrars There is one big computer at the registrars office that stores all the information about office that stores all the information about everyone in the country?everyone in the country?
FALSEFALSE
The Registrars office has a register of all the The Registrars office has a register of all the data users and their processing activities.data users and their processing activities.
TRUE or FALSETRUE or FALSE
You have to have a computer to be a data You have to have a computer to be a data user?user?
FALSEFALSE
The act defines a data user as the person in The act defines a data user as the person in control of the contents and use of the control of the contents and use of the information being processed, this could mean information being processed, this could mean manual records too.manual records too.
TRUE or FALSETRUE or FALSE
ANYONE who holds and processes ANYONE who holds and processes personal data must comply with the Act?personal data must comply with the Act?
FALSEFALSE
There are exceptions (e.g. payroll, pensions and There are exceptions (e.g. payroll, pensions and accounts data)accounts data)
Quick CheckQuick Check
Question Question (objective - ALL)(objective - ALL)
Why was the data protection act Why was the data protection act introduced?introduced?
AnswerAnswer
Because the public were concerned about Because the public were concerned about personal privacy in the face of rapidly personal privacy in the face of rapidly developing computer technologydeveloping computer technology
Quick CheckQuick Check
Question Question (objective - ALL)(objective - ALL)
When was the data protection act When was the data protection act introduced? And when was it updated?introduced? And when was it updated?
AnswerAnswer
Introduced - 12Introduced - 12thth July 1984 July 1984
Updated - 1998Updated - 1998
Quick CheckQuick Check
Question Question (objective - SOME)(objective - SOME)
Tell me the 8 principles of the Data Protection Act?Tell me the 8 principles of the Data Protection Act?
AnswerAnswer Data must be:Data must be:1.1. FFairy and lawfully processedairy and lawfully processed2.2. PProcessed for specified purposesrocessed for specified purposes3.3. AAdequate, relevant and not excessivedequate, relevant and not excessive4.4. AAccurate and, where necessary, up to dateccurate and, where necessary, up to date5.5. NNot kept longer than necessaryot kept longer than necessary6.6. PProcessed in accordance with the data subject’s rightsrocessed in accordance with the data subject’s rights7.7. SSecureecure8.8. NNot transferred to countries without adequate protectionot transferred to countries without adequate protection
Activity/HomeworkActivity/Homework
Read through the case study and answer Read through the case study and answer the questions.the questions.
Give detailed answers (not just one word Give detailed answers (not just one word answers)answers)
Come up with a way of remembering the 8 Come up with a way of remembering the 8 principles of the Data Protection act (not principles of the Data Protection act (not an acronym)an acronym)
FF PP AA AA NN PP SS NN
FFriendlyriendly
PPeopleeople
AAlwayslways
AAsksk
NNiceice
PPlonkerslonkers
SSometimesometimes
NNeverever
FFairy and lawfully processedairy and lawfully processedPProcessed for specified purposesrocessed for specified purposesAAdequate, relevant and not excessivedequate, relevant and not excessiveAAccurate and, where necessary, up to dateccurate and, where necessary, up to dateNNot kept longer than necessaryot kept longer than necessaryPProcessed in accordance with the data subject’s rightsrocessed in accordance with the data subject’s rightsSSecureecureNNot transferred to countries without adequate protectionot transferred to countries without adequate protection
StructureStructure
Hand in homework (case study)Hand in homework (case study)
Introduce test (explain word)Introduce test (explain word)
TESTTEST
Finish PowerPointFinish PowerPoint
Discuss homework 8 principlesDiscuss homework 8 principles
TESTTEST
Exam conditions – NO TALKINGExam conditions – NO TALKING
30 minute test30 minute test If you have finished you sit quietly and put If you have finished you sit quietly and put
your hand up.your hand up.
http://www.informationcommissioner.gov.uk/http://www.informationcommissioner.gov.uk/
We will then finish the unitWe will then finish the unit