Data Protection

Use of techniques such as file locking and record is locking, database shadowing, disk mirroring, to ensure the availability and integrity of the data. Data Protection means that those who decide how and why personal data are processed must comply with data protection principles. Those about whom data is stored and handled also have with rights. You will find here information on protection of personal data, access to data, confidentiality and data security.

The Data Protection Act

The Data Protection Act controls how your personal information is used by organisations, businesses or the government.

Everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the UK without adequate protection

There is stronger legal protection for more sensitive information, such as:

• ethnic background
• political opinions
• religious beliefs
• health
• sexual health
• criminal records

Find out what data an organisation has about you

The Data Protection Act gives you the right to find out what information the government and other organisations stores about you.

Write to the organisation and ask for a copy of the information they hold about you. If you do not know who in the organisation to write to, address your letter to the company secretary.

The organisation is legally required to provide you with a copy of the information they hold about you if you request it.

When information can be withheld

There are some situations when organisations are allowed to withhold information, e.g. if the information is about:

• the prevention, detection or investigation of a crime
• national security or the armed forces
• the assessment or collection of tax
• judicial or ministerial appointments

An organisation does not have to say why they are withholding information.

How much it costs

Some organisations may charge you for providing the information. The cost is usually no more than £10 but it can be more if the information is contained within either:

• certain types of records e.g. health or education records
• a large number of paper records held in an unstructured way by a public authority

 Make a complaint

In the UK, if you think your data has been misused or that the organisation holding it hasn’t kept it secure, you should contact them and tell them.

If you are unhappy with their response or if you need any advice you should contact the Information Commissioner’s Office (ICO).

Main Principles of Data Protection;

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
   
   (a) at least one of the conditions in Schedule 2 is met, and
   
   (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

http://www.legislation.gov.uk/ukpga/1998/29/contents