Wednesday, 6 June 2012

The Legal Impacts of ICT: Data Protection Act

Introduction


Hi, I'm Luca and I am a student in year 10 at St. Francis Xavier's College in Woolton, Liverpool. One of the subjects I am currently studying at school is ICT, and I am going to share my knowledge and understanding of this subject with everyone in a series of blogs. In this particular blog, I will be discussing the legal impacts of ICT: Data Protection Act. I hope that you enjoy this blog, and come away learning something new which you can hopefully pass on to someone else.


The 8 Principles of the DPA


The Data Protection Act has 8 principles in total.


1. Principle: Personal data should be obtained and processed fairly and lawfully.


Meaning: This means that you should be told about data that is being collected about you and should be asked for your permission to collect it.


You should also be made aware of the reason why the data will be collected and what it will be used for.




2. Principle: Personal data can be held only for specified and lawful purposes.


Meaning: The Data Controller has to state why they want to collect and store information when they apply for permission to be able to do so. If they are using the data they have collected for other purposes, they are breaking the law.




3. Principle: Personal data should be adequate, relevant and not excessive for the required purpose.


Meaning: Organisations should only collect the data that they need and no more. Your school needs to know your parents' phone number so that it can contact them in an emergency. However, it does not need to know your grandmother's name, just as it does not need to know your eye colour. The school should not ask for these details or store them, as this would be excessive and would not be required to help you with your education.




4. Principle: Personal data should be kept accurate and up-to-date. 


Meaning: Companies should do their best to make sure that they do not record the wrong facts about a data subject. Your school probably asks your parents to check a form once a year to make sure that the phone number and address on the school system are still correct. If a person asks for the information to be changed, the company should comply if it can be proved that the information is indeed incorrect.




5. Principle: Personal data should not be kept for longer than is necessary.


Meaning: Organisations should keep data for a reasonable length of time. Hospitals may need to keep patient information for 25 years or more. That is acceptable, as they may need the information to treat a particular illness later on. However, there is no need for a personnel department to keep the application forms of unsuccessful job applicants.




6. Principle: Data must be processed in accordance with the rights of the data subject.


Meaning: People have a right to inspect the information held on them. If the data being held on them is incorrect, they have the right to have it changed.




7. Principle: Appropriate security measures must be taken against unauthorised access.


Meaning: This means information has to be kept safe from hackers and employees who don't have rights to see it. Data must also be safeguarded against accidental loss.




8. Principle: Personal data cannot be transferred to countries outside the E.U. unless the country has similar legislation to the D.P.A.


Meaning: This means that if a company wishes to share data with an organisation in a different country, that country must have similar laws to our Data Protection Act in place.

