Data Protection principles made Easy
The Data Protection Act 1998 ("the Act") gives individuals the right to know what information is held about them. The Act works in two ways:
- it states that anyone who processes personal information must comply with the eight principles; and
1. be collected and processed fairly and lawfully
The purpose for which personal data is collected and processed should be made clear to the data subject. Data subjects should not be deceived or misled as to the purpose for which their personal data is held or used. Personal data should only be obtained from a person who is legally authorised to supply it.
2. be obtained only for the specific and lawful purposes described in the register entry, and shall not be further processed in any manner incompatible with that purpose or those purposes
Personal data held for one purpose should not be used for another, e.g. research data should not be used for direct marketing. All personal data held must be within terms of a register entry or be specifically exempt from registration.
Personal data must not be disclosed to any person not described in the register entry for that data collection. Details of persons to whom data may be disclosed and by whom are contained in the registration. When deciding whether to disclose data Departments should also consider what disclosure procedures were outlined to data subjects when they gave permission for their data to be held. If data subjects have been told that data will only be released with their permission data should not be released without permission, regardless of the register entry.
3. be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are held
All personal data held must be clear in meaning, and convey sufficient information for others to understand them. This is particularly important where specific action is required. Only information that is necessary should be kept. Records should be unambiguous, accurate and professionally worded. Any abbreviations should be widely agreed. Opinions should be clearly distinguishable from matters of fact. Sensitive data must only be held if really necessary.
4. be accurate and, where necessary, be kept up to date
Personal data must not be inaccurate or misleading to any matter of fact. This is equally applicable to information received from a third party. The source of information should always be included on records. Unauthorised abbreviation of names is inaccurate data.
5. be held no longer than is necessary for the registered purpose
The wide range of reasons for the University to hold personal data makes it impossible to lay down absolute rules about how long particular items of personal data should be retained. Universities UK have a recommended retention schedule for certain kinds of data but as a general rule the destruction of data should be treated on a case-by-case basis. Failure to remove data when its purpose has been served is a breach of the Act.
You might also like
Dont rely on Uncle Sams help for retirementby RetirementWarning
Twenty years ago, retirement was a time to look forward to and savor. But, today, we live in uncertain times. So, for most working adults, retirement has become very complexrequiring years of planning, a well-thought-out strategy, and a phase to be put off as much as possible.
Were living more years in retirement.
Why? Company-sponsored pensions have all but become extinct. Thanks to medical advances and healthier lifestyles, people are living longer. In the early 20th century, life expectancy was 47.3 years vs. todays life span of nearly 79 years.1 According to data from the Social Security Administration, a man who lives to 65 will live on average to age 84, while women of the same age should live to age 86
Scores of blunders sees Norfolk councils breach data laws over confidential .. — Norfolk Eastern Daily Press
Information Commissioner Christopher Graham has previously called for councils to take their responsibilities for protecting personal data more seriously. He said in 2012: “There is clearly an underlying problem with data protection in local government.”.