Data Protection Act

From TRCCompSci - AQA Computer Science
Revision as of 20:43, 19 March 2017 by C3ypt1c (talk | contribs) (Changed image size so that it didn't interfere with the text at hand.)
Jump to: navigation, search

The Data Protection Act

Data.jpg

The data protection act is in place to protect peoples data which is stored on servers and on companies computers.

The Data Protection Act states that:

  • If you collect data, you must not use it for a different reason.
  • You must not share data with external sources.
  • People have the right to see data about themselves.
  • You must not keep data for longer than you need to and it must be up-to-date.
  • You must not send data outside the European Economic Area (EEA) to an area with lower protection.
  • People who store data must be registered with the Information Commissioner’s Office (ICO).
  • If you store data, the data must be protected and safe.
  • If companies have information about you that is wrong, it is your right to as them to change it.

Your right to view/request

  • You can ask the organisation you think is holding, using or sharing the personal information you want, to supply you with copies of both paper and computer records and related information.
  • Data requests are fulfilled by an appointed data controller at an organisation.
  • Organisations may charge a fee of up to £10 (£2 if it is a request to a credit reference agency for information about your financial standing only).
  • There are special rules that apply to fees for paper based health records (the maximum fee is currently £50) and education records (a sliding scale from £1 to £50 depending on the number of pages provided).
  • However, it is important to remember that not all personal information is covered and there are ‘exemptions’ within the Act which may allow an organisation to refuse to comply with your subject access request in certain circumstances.