Data Protection Act 1984
|
The 'Data Protection Act 1984' (DPA) is a British Act of Parliament that provides a legal basis for the privacy and protection of data of UK citizens and businesses. Data disclosed by a party to another party may only be used for the specific purposes it was disclosed for. The data can only be kept for an appropriate length of time and must not be disclosed to other parties (without consent of data owner). The Act provided for a regulatory authority, the Data Protection Registrar, to oversee implementation of and adherence to the Act. Schools can not keep information about someone after they left school for any longer than ten years It was followed up by the Data Protection Act 1998, actually an implementation of European Union Directive 95/46/EC which, amongst other measures, expanded the remit of the DPR and renamed the position to the Data Protection Commissioner.
Most recently, the Freedom of Information Act 2000 further expanded the role to include freedom of information and the job title was changed to Information Commissioner.
The UK DPA has a reputation for complexity. While the basic principles are lauded for protecting privacy, interpreting the act is not always simple.
The data protection act covers all personal data in which an organisation may hold e.g. name, DOB, Address, Phone no. etc.
Data Protection Principles
Personal data must be -
- Processed fairly and lawfully.
- Obtained for specified and lawful purposes.
- Adequate, relevant and not excessive.
- Accurate and up to date.
- Not kept any longer than necessary.
- Processed in accordance with the "data subject's" (the individual's) rights.
- Reasonably securely kept.
- Not transferred to any other country without adequate protection in situ.
See also
External links
- The Data Protection Act Explained (http://www.dataprotectionact.org)
- Data Protection Act 1998 (http://www.hmso.gov.uk/acts/acts1998/19980029.htm) (full text from
HMSO)