Bitesize has changed! We're updating subjects as fast as we can. Visit our new site to find Bitesize guides and clips - and tell us what you think!


Data Protection Act

The Data Protection Act (DPA) is a law designed to protect personal data [data: information without context, eg a list of students with numbers beside their names is data, when it's made clear that those numbers represent their placing in a 100 metre race, the data becomes information ] stored on computers or in an organised paper filing system.

For the GCSE ICT exam, you need to know about the 1998 Act.

The need for the Data Protection Act

During the second half of the 20th century, businesses, organisations and the government began using computers to store information about their customers, clients and staff in databases. For example:

  • names
  • addresses
  • contact information
  • employment history
  • medical conditions
  • convictions
  • credit history

Databases are easily accessed, searched and edited. It’s also far easier to cross reference information stored in two or more databases than if the records were paper-based. The computers on which databases resided were often networked. This allowed for organisation-wide access to databases and offered an easy way to share information with other organisations.

The Data, information and databases section has more on searching databases.

Misuse and unauthorised access to information

With more and more organisations using computers to store and process personal information there was a danger the information could be misused or get into the wrong hands. A number of concerns arose:

  • Who could access this information?
  • How accurate was the information?
  • Could it be easily copied?
  • Was it possible to store information about a person without the individual’s knowledge or permission?
  • Was a record kept of any changes made to information?

The purpose of the Data Protection Act

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws as often information is held in more than one country.

Back to The legal framework index

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.