The Data Protection Act

The first British Data Protection Act to protect the individual's right to hold, and pass on, personal data came into force in 1984 and was mainly concerned with personal data being held on a computer or like device. This was superceded by a much wider ranging act in 1998. Much of the reason for the act in the first place was triggered by a European Union directive. The 1998 act came into force on 1st March 2000.

The Data Protection Act provides for a register of databases that contain personal information to be compiled, which holds the type of information being held and how it is going to be used. The 1984 act specified data being held electronically, the 1998 act not only specifies electronic databases but also those held manually or in paper form, such as card index files.

The individual has the right to enquire of an organisation what data is being held and how it is being used.

In order not to be prosecuted under the act the organisation must adhere to some principles of good practice. The data must be:

  • obtained and processed fairly and lawfully
  • held only for the lawful purposes described in the register
  • used only for the purpose described and only disclosed to those people
  • adequate, relevant and not excessive
  • accurate and, where necessary, kept up to date
  • accessible to the individual concerned who, where appropriate, has the right to have information about themselves corrected or erased
  • surrounded by proper security mechanisms to ensure disclosures are only made to authorised persons

The organisation holding the data must not pass it on to countries outside the European Union, unless they have a similar act to cover the data of their own individuals and that which comes from outside. One such county which does not have these provisions is the USA. This has a an effect on personal data being held on the Internet.

Special data can only be held with the explicit consent of the individual. This data consists of such things as racial, ethnic origins, relate to political affiliations, religious or other beliefs.

More information and a complete copy of the Data Protection Act 1998 can be obtained from the Internet at: http://www.hmso.gov.uk/acts/acts1998/19980029.htm.