The Data Protection Act 1998 was passed by Parliament in an attempt to control the way information is handled and stored, giving legal rights to individuals who have personal information stored on computers and in paper databases by other people/organisations and the government.
How Does the Act Protect my Data?
The Act incorporates 8 ‘data protection principles’, which require any institution, whether it be governmental or private, that collects an individual’s personal information, to keep that information safe.
Principle 1: Processing Data Fairly and Lawfully
This is one of the eight principles which are at the heart of data protection. The main goal is to ensure that the individual’s data which is being processed is protected.
Under this principle, you must have legal grounds for collecting and handling personal data. You must use the data only in a lawful manner, and avoid any use of it that would have unjustified adverse effects on the individual concerned. You must also be transparent about how you intend to use the data you collect, and you must only handle an individual’s personal data in ways they would reasonably expect.
Principle 2: Processing Personal Data for Specified Purposes
This principle requires organisations to give clear reasons for why they are collecting your personal data.
Principle 3: The Amount of Personal Data that can be Held
Organisations must ensure that the personal information they hold on individuals is sufficient for the purpose for which it is held. Additionally, organisations should not hold more information than is necessary for the stated purpose.
Principle 4: Keeping Personal Data Accurate and Current
Although the Act recognises that it is impossible to re-check every piece of personal information, it does place a duty on organisations to take reasonable steps to check the accuracy of the personal data they have collected. Organisations should ensure that the source of the data is clear, consider whether the data needs to be updated, and consider any challenges to the accuracy of a piece of information.
Principle 5: Retaining Personal Data
This principle sets no fixed maximum period for which an organisation can store personal data. Instead, an organisation cannot hold personal data for longer than is necessary to fulfil its stated purpose. Any information that needs to be deleted or disposed of should be disposed of securely.
Principle 6: Individuals’ Rights
This principle gives individuals the right to access the information organisations hold on them, and to object to the processing of any information where that processing may cause distress or damage. Individuals also have the right to stop their information being used for direct marketing, and the right to challenge decisions about their personal data that are made by automated means.
Individuals have the right to pursue damages from any organisation which is in breach of this Act.
Principle 7: Information Security
The measures which are appropriate to securing information will vary depending on the type of organisation and its circumstances. Organisations should therefore use a risk-based approach in deciding what level of security the organisation needs.
Principle 8: Sending Personal Data Outside the European Economic Area
This principle states that personal data shall not be transferred outside the European Economic Area. The only exception is where the destination territory or country can ensure a sufficient level of security for the data.
How Can I Find Out What Information Organisations Hold about Me?
You have the right to find out what information organisations and the government hold on you. All you need to do is submit your request in writing. Once the organisation receives this request, it is legally obliged to provide you with the information it holds.
Be aware that some organisations may charge a fee for providing this information. They are not allowed to charge more than £10 for digital information, or more than £50 for paper medical records. If you would like to find out what information credit agencies hold on you, this can be done online (normally for a fee of £2).