Safeguarding Personal Data Through Data Protection Act

The Data Protection Act came into existence with an objective: to protect data from being processed and misused by anyone. The act was started in 1984. At the time, it was implemented to protect personal data from being processed automatically. Then, it was followed by the Data Protection Act 1998 which remitted the Data Protection Registrar position and renamed it to Data Protection Commissioner. Freedom of Information Act 2000 further expanded the role of the commissioner to Office of the Information Commissioner.

Data refers to information that needs to be processed by the computer as a word document or a spreadsheet and is stored on the computer for future use or a source of information in the form of a record. Personal data is discriminated from personal sensitive data in the Data Protection Act and the act only applied to the personal information.

The act covers any data that is relevant to the identification of a living person. For example, name, address, phone numbers, birth days, Fax numbers, E-mail addresses etc. The act only applies to the data which is held or is subjected to be held on the computer. It is a right for people whose information is stored on the computer, for those who store this information and for those who collect such personal information.

The act lays down eight principles of handling the information related to personal data:

  • The personal data can only be used for the purpose for which it is collected.
  • The other parties cannot access the data without the consent of the individual, whose data is in use.
  • An individual has the right to access the information that is processed about him.
  • As soon as the information is processed, it becomes no longer in use.
  • As the act is under the United Kingdom, the information can not pass outside the European Economic Area (EEA).
  • All entities that process personal information must register themselves with the Information Commissioner.
  • Entities processing information must have substantial security measures.

However, Data Protection Act is based on certain data protection principles that are provided below:

  • Personal data cannot be processed until it meets at least one condition from schedule 2 and schedule 3 of the Act.
  • Personal data shall be obtained only for one or two purposes lawfully and then it cannot be used further.
  • Personal data has to be accurate and must be kept up to date.
  • Appropriate measures should be taken to avoid unauthorized and unlawful use of the data.
  • Perfect data cannot be transferred across the country.
  • Full attention has to be paid towards the security towards data corruptions and losses.

The Data Protection Act encompasses the convenience of the person whose information is being processed and for all those who process and collect data.