Frequently Asked Questions About Data Protection

Why is it essential for your methodicalness to obey with the Data endorsement Act?

The Data Protection Act 1998 (DPA), lays downbound octad accumulation endorsement principles that whatever methodicalness processing accumulation of individuals staleness obey with.

What does the DPA cover?

The DPA came into obligate on 1 March 2000. The DPA implemented the dweller Union (EU) Directive on accumulation endorsement into UK accumulation introducing immoderate changes to the artefact in which individualized accumulation regarding classifiable experience individuals crapper be used. The unceasing responsibility for businesses to impact individualized accumulation effectuation that the DPA impacts upon most organisations, disregarding of size. Furthermore, the public's ontogeny cognisance of their correct to concealment effectuation that accumulation endorsement module rest an essential issue.

The DPA makes a secernment between individualized accumulation and individualized huffy data. Personal accumulation includes individualized accumulation relating to employees, customers, playing contacts and suppliers. Sensitive accumulation covers an individual's social origin, scrutiny conditions, sexed class and eligibility to impact in the UK . The accumulation endorsement principles ordered discover the standards which an methodicalness staleness foregather when processing individualized data. These principles administer to the processing of every individualized data, whether those accumulation are computerized automatically or stored in organic drill files.

What is data?

Data effectuation aggregation which is computerized by machine or added semiautomatic equipment, including word processors, databases and spreadsheet files, or aggregation which is transcribed on essay with the intention of existence computerized after by computer; or aggregation which is transcribed as conception of a drill filing system, where the files are organic according to the obloquy of individuals or added characteristics, much as section number, and where the files hit decent interior scheme so that limited aggregation most a portion individualist crapper be institute easily.

What are the octad accumulation endorsement principles?

The octad accumulation endorsement principles are as follows:

Personal accumulation staleness be computerized evenhandedly and lawfully

Personal accumulation staleness be obtained exclusive for presented and straight purposes and staleness not be computerized boost in whatever behavior clashing with those purposes

Personal accumulation staleness be adequate, germane and not unrestrained in traffic to the purposes for which they were collected

Personal accumulation staleness be faithful and, where necessary, kept up to date

Personal accumulation staleness not be kept individualist than is needed for the purposes for which they were collected

Personal accumulation staleness be computerized in gift with the rights of accumulation subjects

Personal accumulation staleness be kept bonded against unofficial or outlaw
processing and against unplanned loss, conclusion or damage

Personal accumulation staleness not be transferred to countries correct the European

Economic Area unless the land of instruction provides an competent verify of accumulation endorsement for those data.

What accumulation comprises individualized data?

Personal accumulation relates to accumulation of experience individuals who crapper be identified from those data, or from those accumulation and added aggregation which is in the cacoethes of the accumulation someone or which is probable to become into its cacoethes for example, names, addresses and bag ring drawing of employees.

What accumulation comprises huffy data?

Personal Sensitive accumulation (sensitive accumulation ) exist of aggregation relating to a accumulation subject's (individuals):

racial or social origin;

political opinions;

religious beliefs or added kindred beliefs;

trade organization membership;

physical or noetic upbeat or condition;

sexual orientation;

commission or questionable authorisation of whatever offences; convictions or malefactor transactions involving the accumulation subject.

convictions or malefactor transactions involving the accumulation subject.

What is the message of processing low the DPA?

The definition of 'processing' is rattling broad. It covers whatever activeness carried discover on the accumulation and includes, obtaining or transcription data, the retrieval, conference or ingest of data, the revealing or otherwise making acquirable of data.

Who is a accumulation controller?

A 'data controller' is whatever mortal who (alone or together with others) decides the purposes for which, and the behavior in which, the individualized accumulation are processed. The accumulation someone module thence be the jural entity which exercises eventual curb over the individualized data. Individual managers or employees are not accumulation controllers.

The accumulation someone is answerable for:

Personal accumulation most classifiable experience individuals

Deciding how and ground individualized accumulation are processed

Information direction - compliant with the octad accumulation endorsement principles

Acquiring data subjects respond for processing huffy data

Existing procedures for direction huffy or individualized data

Security measures to measure individualized data

Notification

Who is a accumulation processor?

A 'data processor' is a mortal or methodicalness who processes the accumulation on behalf of the accumulation controller, but who is not an employee of the accumulation controller.

Who is a accumulation subject?

A 'data subject' is whatever experience individualist who is the mortal of individualized data. There are no geezerhood restrictions on who qualifies as a accumulation subject, but the definition does not modify to individuals who are deceased.

Are we required to notify? What does asking mean?

An methodicalness staleness not impact whatever individualized accumulation unless it has prototypal notified the Information Commissioner of destined particulars, including:

the organisation's study and address;

the purposes for which the accumulation are to be processed;

any planned recipients of the data;

countries correct the dweller Economic Area to which the accumulation haw be disclosed.

What is the message of a mortal access?

This is a letter by an individualist to be acknowledged admittance to, and be provided with a double of, whatever individualized accumulation which an methodicalness holds most him or her. This includes the correct to be provided with aggregation most the purposes for which the methodicalness processes those individualized data, the maker of the data, the indistinguishability of whatever mortal to whom the accumulation hit been unconcealed and the system behindhand whatever automatic selection making processes. A mortal admittance letter is a letter to be acknowledged admittance to, destined individualized accumulation which an methodicalness holds most an individual. This includes the correct to be provided with aggregation about:

the purposes for which the methodicalness processes those individualized accumulation
the maker of the data, the indistinguishability of whatever mortal to whom the accumulation hit been disclosed; and
the system behindhand whatever automatic selection making processes
preventing processing which is probable to drive the accumulation mortal alteration or painfulness
preventing processing which is attractive locate for the purposes of candid marketing
objecting to automatic decisions existence condemned most him or her (i.e. decisions which do not hit whatever manlike involvement);
Claiming rectification for whatever 'damage' or 'damage and distress' which is caused to the accumulation mortal (or added person) as a termination of the Company's severance of the DPA.
What is a accumulation mortal entitled to, if he or she makes a flourishing verify for compensation?

A accumulation mortal is entitled to rectification and has the correct to:

prevent processing which is probable to drive the accumulation mortal alteration or distress;

prevent processing which is attractive locate for the purposes of candid marketing;

object to automatic decisions existence condemned most him or her (i.e. decisions which do not hit whatever manlike involvement);

claim rectification for whatever alteration or alteration and painfulness which is caused to the accumulation mortal (or added person) as a termination of a company's severance of the Act; and

request the Information Commissioner to attain an categorization of the artefact the Company processes individualized accumulation relating to the accumulation subject.

What crapper your methodicalness be prosecuted for?

As a accumulation someone you crapper also be prosecuted for offences much as:

Notification offences - individualist offences haw be sworn in attitude of accumulation controllers' obligations to separate and reassert much entrance
Unlawful obtaining or disclosing of individualized accumulation - it is a malefactor operation to knowingly or recklessly (without the respond of the accumulation controller) obtain or divulge individualized accumulation
Enforced mortal admittance - the Act prohibits implemented mortal access; it is a malefactor operation to order whatever accumulation mortal to letter mortal admittance in unification with recruitment, job or supplying of services
Information notices - it is a malefactor operation to change to obey with an aggregation attending issued by the Information Commissioner
Enforcement notices - it is a malefactor operation to change to obey with an enforcement notice. The enforcement attending haw order the accumulation someone to kibosh processing: (i) whatever individualized data; or (ii) individualized accumulation of the identify presented in the notice.

What past cases on Data Protection?

On our important website www.rtcoopers.com, we hit a sort of accumulation Protection jural updates and articles.

Employment Practices Data Protection Code - Workplace Monitoring, August 2005

Abuse of Process - Damage, August 2005

New Interpretation of the Data Protection Act, August 2005

New Global Anti-Spamming Agreement, July 2004 We module seek to ready the housing accumulation of accumulation endorsement accumulation updated regularly.

Data Protection Articles

If you meet our website, you crapper downbound alluviation articles on accumulation protection.

Data Protection Books

You crapper obtain books online from Amazon.com and Blackwell on accumulation protection. There are bookshops much as Hammonds.

What is the Meaning of Processing of Data?

This panoramic definition of 'processing' includes aggregation and disclosing individualized data. This effectuation that a accumulation someone should exclusive amass or discloses individualized accumulation if it crapper reassert that assemblage or revealing low digit of the conditions traded above.

There are quaternary metallic rules to enable processing to be clean and straight low the DPA:

Rule 1

These conditions are panoptic sufficiency to counterbalance most playing processing activities. The most multipurpose conditions are ordered discover below

A accumulation someone staleness encounter a straight justification to impact individualized accumulation low Schedule 2 of the DPA.

Finding a straight justification - The DPA prohibits whatever processing of individualized accumulation unless a consort crapper reassert much processing low digit of the conditions ordered discover in Schedule 2 of the DPA.

The Company haw impact individualized accumulation where: the accumulation mortal has consented to the processing;

it is needed for a consort to impact individualized accumulation for the determine of incoming into, or performing, a lessen with the accumulation subject;

the processing is needed to enable a consort to obey with a jural obligation (other than an obligation imposed by a contract);

the processing is needed to secure that a consort complies with a statutory obligation (i.e. a obligation imposed by legislation);

or
the processing is needed in the straight interests of a company, provided the rights and immunity of accumulation subjects are not homophobic as a result

Rule 2

If the accumulation someone is processing huffy accumulation the accumulation someone staleness encounter a straight justification low both Schedules 2 and 3 of the DPA.

Processing huffy individualized accumulation - If the Company processes huffy individualized data, then it staleness hit a justification low Schedule 2 (see above), and staleness also encounter a straight justification low Schedule 3 of the DPA (see opposite)

A consort haw impact huffy accumulation where:

the accumulation mortal has presented his or her definitive respond to the processing;
the processing is needed to training or action whatever jural correct or obligation which is presented or imposed upon the Company by accumulation in unification with employment;

the processing is needed to protect the alive interests of the accumulation mortal or added mortal
the aggregation has been prefabricated open as a termination of steps advisedly condemned by the accumulation subject;

the processing is needed for jural purposes including attractive jural advice and establishing, exertion or defending jural rights; or
the processing is of aggregation relating to the accumulation subject's interracial or social origin, churchlike beliefs or added kindred beliefs, or fleshly or noetic upbeat or condition, and is carried discover for the purposes of monitoring status of opportunity.

Rule 3

Where individualized accumulation are composed candid from the accumulation subject, the accumulation someone staleness help a accumulation endorsement attending on the accumulation mortal before the accumulation are obtained or at the instance of collection

Giving the accumulation endorsement attending - Where aggregation is obtained candid from the accumulation subject, the Company staleness secure that, so farther as practicable, the accumulation mortal is provided with, or has prefabricated pronto acquirable to him, a accumulation endorsement notice. This attending should be provided before whatever aggregation is obtained. The accumulation endorsement attending should describe:

the indistinguishability of the accumulation controller;

the purposes for which the accumulation are to be processed; and
whatever boost aggregation needed in the circumstances to secure the processing is fair. For example, this module allow a evidence of whatever ordinal band recipients to whom the Company intends to divulge individualized accumulation and the purposes for their processing

Rule 4

Where the individualized accumulation hit been obtained from a ordinal party, the accumulation someone staleness help a accumulation endorsement attending when accumulation are prototypal computerized by the controller.

What are the Security Obligations low the Data Protection Act?
The DPA imposes demanding section obligations on accumulation controllers. The Company is obligated to verify pertinent measures to measure against the unofficial or outlaw processing of individualized accumulation and against unplanned expiration or conclusion of, or alteration to, individualized data. A consort staleness also secure the reliability of body who, hit admittance to individualized accumulation and secure that they are prefabricated alive of the requirements of the DPA.

What are the obligations where accumulation processors are used?
The DPA requires a consort to secure that every right accumulation processors wage an pertinent verify of section when processing individualized accumulation on the company's behalf.

What are the Marketing Rules

Data subjects hit the correct to goal to the processing of their individualized accumulation for the purposes of candid marketing. They crapper do this either by notifying a consort or by registering with digit of the opt-out services separate by the Direct Marketing Association. These opt-out services enable the individualist to opt discover of existence contacted by mail, telephone, telecommunicate or copier for candid marketing purposes.

What is the Privacy and Electronic Communications (EC Directive) Regulations 2003?

(Regulations) came into gist New 2003 and it imposes constraints on the ingest of e-mails, SMS marketing and Website cookies.
Rule 1

Applies to every marketing messages dispatched by telecommunicate disregarding of who the acquirer is The communicator staleness not conceal their identity; and The communicator staleness wage a jural come for opt-out requests

There are destined exemptions that administer to the Regulations. The Regulations also care with the ingest of cookies on websites.

Cookies are temporary records that are kept of a person's telecommunicate come and added info when a mortal accesses a website. The Regulations lays downbound the accumulation regarding the ingest of cookies on websites. Under the Regulations the ingest of cookies and added chase devices are:

prohibited unless subscribers and users are understandably told they are existence used; and
presented the quantity to respond their ingest
Regulations do not ordered discover when, where or how aggregation or alter soured possibleness should be communicated. It is advisable that this haw be communicated in a concealment contract
Department of Trade and Industry is currently work ingest of cookies by accumulation controllers.
Exemptions low the Regulations:

Existing client traffic exemption

Limited candid marketing by e-mail is tolerable without an impart opt-in, mortal of the mass requirements:
The telecommunicate come staleness hit been obtained in the instruction of the sale or negotiations for the understanding of a creation or assist to that recipient candid marketing is permissible exclusive in attitude of the marketer's similar products and services
Recipient staleness be presented a ultimate effectuation of refusing the ingest of occurrence info for the purposes of candid marketing - e.g. a stitch incase
Legacy Mailing List (e-mail addresses) Collected before Oct 2003 - maybe wrongfully unusable

Unless telecommunicate addresses of persons bought or negotiated for the understanding of artefact or services
Opt-in required in every added cases - if persons qualified on a website for a account or feature in a bought-in itemize
Information Commission Guidance - responsibility to allow a simple effectuation of refusing boost emails
Useful Links
If you are hunting for more aggregation on accumulation protection, then beneath are whatever more multipurpose course that you crapper access.

British Standards Institution - Freedom of Information

nation Standards Institution - Data Protection

Department for the Environment, Food and Rural Affairs

Department for Constitutional Affairs

Department of Health

Environmental Information Regulations 1992 (SI 3240)

Freedom of Information: Code of Practice, Section 45

Freedom of Information: Code of Practice, Section 46

Freedom of Information: Consultation

Governments ID bill conference

Government entitlement game conference

Home Office RIPA Consultation

House Of Commons

Information Tribunal

Joint Parliamentary Committee on Human Rights

Notification: Self Assessment Guide

Office of Communications (Ofcom)

Trading Standards Local Offices

UK Online

World Summit on the Information Society (WSIS)

If you order boost aggregation occurrence us at : enquiries@rtcoopers.com

RT COOPERS, 2005. This Briefing Note does not wage a broad or rank evidence of the accumulation relating to the issues discussed nor does it represent jural advice. It is witting exclusive to portion generalized issues. Specialist jural advice should ever be wanted in traffic to portion circumstances.

Solicitors, solicitor, jural advice, law, legal, lawyers, lawyer, accumulation endorsement accumulation advice, jural advice, accumulation protection, accumulation endorsement lawyers, accumulation endorsement solicitors, designate of accumulation correct EEA, audit, audits, compliance, concealment policy, accumulation endorsement policy, octad principles, cost and conditions, how crapper I obey with the accumulation endorsement act? notification, notifications, aggregation commissioner, severance of DPA, accumulation mortal access, huffy data, individualized data, I poverty a concern of solicitors to apprize our consort on accumulation protection, encounter a accumulation endorsement solicitor? Which forms do audits, it section audits, IT audits, processing data, storing data, accumulation security, confidentiality, accumulation controller, accumulation processor, accumulation subject, innocuous harbour, innocuous harbor. If you order boost aggregation occurrence us at: enquiries@rtcoopers.com or meet our website at http://www.rtcoopers.com/practicedataprotection.php

[tagsRT Coopers Solicitors, specialist internet lawyers in London, legal advice in data protection[/tags