“The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK.” http://en.wikipedia.org/wiki/Data_Protection_Act_1998
The Data Protection Act protects the consumer by limiting the access that other individuals or organisations have to private information about them, as well as the ways in which this information can be used. Companies are required to work to guidelines on how information is processed, recorded and stored. Limitations are also placed on the length of time data should be kept and how it is shared.
Example of Data Protection -
Police officers and staff in Wales have broken the Data Protection Act 62 times in the past two years. As a result of this, four people were sacked and 14 resigned. They were caught carrying out the breaches for non-policing purposes, BBC Wales has discovered under the Freedom of Information Act. The breaches included checks on partners, relatives and associates, altering their own records, and passing data to third parties. Figures show South Wales Police recorded 28 incidents in 2011 and 2012 where an officer or member of staff breached the Act.
Of the nine resignations, three were given a formal police caution for checking the database "pertaining to an associate, altering own record on police system and checking third parties on police system not for a policing purpose".
Another who resigned was convicted at court after researching and disclosing information to a third party.
Data controllers are required by the Data Protection Act to take "appropriate technical and organisational measures" against unauthorised or unlawful processing. What is an appropriate level of security will vary according to the type of information stored. For example, medical and financial details would demand greater security than details of interests and hobbies. The business operating the website is also obliged to ensure the reliability of any employees with access to personal data.
The Act contains eight “Data Protection Principles”. These specify that personal data must be:
1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the individual’s) rights.
7. Securely kept.
8. Not transferred to any other country without adequate protection in situ.
Personal data must be obtained for specified and lawful purposes –
This means that all of the information that has been collected on a person must have been collected for a reason. It should be used for a specific reason and should not be illegal. An example of this is an online store. It would hold information such as where the person lives, their email address and their credit card details. This information means that the store can dispatch a product that the person has bought with their credit card and send it to the chosen address. The information collected would be used for that specific purchase and nothing else. The online store would use the email address to tell the person that their order has been confirmed and to give them a way to track the order, to see where it is and how long it will take. It would use the credit card details to take the amount of money that the item costs out of the person's chosen bank account.
Freedom of Information Act 2000 –
“The Freedom of Information Act 2000 is an Act of Parliament in the United Kingdom that creates a public "right of access" to information held by public authorities. It is the implementation of freedom of information legislation in the United Kingdom on a national level.” - http://en.wikipedia.org/wiki/Freedom_of_Information_Act_2000