Personal Information is data which relates to a living individual who can be either:
- Identified directly from that information or
- Identified indirectly from that information combined with any other data that is in the possession of the organisation holding the information.
The law requires that personal information provided to an organisation is,
- Managed fairly and lawfully
- Recorded accurately and kept secure.
- Kept up-to-date
- Used solely for the purposes agreed to.
- Kept no longer than necessary.
An individual has the legal right to:
- ask an organisation if they hold personal information about them
- ask an organisation that does have their personal information:
- what the information recorded is
- what it's used for
- a copy of all their personal information on record
- receive a copy of all their personal information within 40 days
An individual has the legal right to:
- Take action to rectify, block, erase or destroy inaccurate information.
- Take action for compensation if damage is suffered by any contravention of the Act.
- Take any complaint to the Office of the Information Commissioner, an independent body responsible for ensuring that the rules of the Data Protection Act are complied with.
The First Principle
Personal information must be processed fairly and lawfully.
For sensitive information to be processed an organisation must obtain an individual's explicit consent.
Sensitive personal data is information about an individual's,
- racial or ethnic origin
- political opinions
- religious opinions
- trade union membership
- physical or mental health
- sexual life
- alleged or actual legal offences
- legal proceedings or judgements.
The Second Principle
Personal information must be obtained and used for specified and lawful purposes.
We must make sure that an individual knows and understands why we want to use information about them.
We should make it clear to the individual what the information will be used for and who else it may be passed on to.
The Third Principle
Personal information must be adequate, relevant and not excessive.
We should only collect and keep personal information that allows us to do our work.
We should not hold any unnecessary personal details.
The Fourth Principle
Personal information must be accurate and kept up-to-date.
It is important for us to make sure that the personal information we hold is correct, up-to-date, and not misleading.
When collecting this information we should take reasonable steps to make certain that personal details are accurate.
The Fifth Principle
Personal information must be kept for no longer than necessary.
We should only keep on record a person's details for as long as it takes for us to do our work and no longer.
The information should be regularly updated and disposed of securely when we no longer need to use it.
The Sixth Principle
Personal information must be processed in accordance with the rights of the individual.
While we are working with a person's details we should make sure we do not use the information in a way which could cause them damage or distress.
We must also remember that an individual has the legal right to be given a copy of all their personal information recorded.
The Seventh Principle
Personal information must be kept secure.
We need to make sure that personal details held by us are safe from damage, accidental loss, destruction or unlawful access.
We should consider the harm or damage that could be caused through a breach in security and provide appropriate levels of,
- security vetting to ensure the reliability of personnel
- physical security
- technological security
The Eighth Principle
Personal information must be properly protected when transferred overseas.
Personal information should not be transferred outside European Economic Areas to countries that do not ensure adequate levels of data protection for data subjects.
Adequate security measures should be taken to make certain information is not violated either in transit or at its destination.
Areas of Exemption
There are a number of areas of exemption provided for within the Data Protection Act. Although it is not the objective of this course to cover these in any detail, an awareness of them is valuable.
Different levels of exemption apply to different areas. Other examples of areas where exemptions apply are those involving,
- National Security
- Crime and Taxation
- Credit Reference Agencies
- Health, Education and Social Work
- Journalism
- Legal, Professional Privilege
- Public Information, information made available to the public by law.
No comments:
Post a Comment