When it comes to surfing the internet, the Data Protection Act is your friend. It is there to protect you from misuse and abuse of your online data. This short guide explains what you need to know about the DPA.
The original version of this law was introduced in the 1980s, to protect individuals against the growing use of their data in computer systems. It was updated and strengthened in 1998 – and more specific laws, to govern what could happen to your online data, were introduced in 2003.
The most important thing that you need to know is that the DPA covers the processing of “personal” data.
Let’s start with the data - “personal” is not limited to your name and address, but covers any data that could reasonably be put together with other information to divulge personal information about you. Thus, if you live alone, your phone number could count as personal data. Your email address almost certainly would count.
‘Processing’ relates to pretty much any operation on your data involving a computer - from selecting your name for a mailing, to reading it off a screen during a sales call. And it isn’t limited to computing: some manual systems are now covered.
How the law affects companies
Companies and organisations that would like to process your data need to do two things. First of all, they should notify the Office of the Information Commissioner (a government body) that they are doing so. That way, it is possible to know who is legitimately processing data and who is not.
Secondly, they need to adhere to eight principles embodied in the law. For instance, data must be obtained “fairly” - that is, at the point of collection it must be made clear what the data will be used for. It must be accurate and up to date and it must be held securely.
Most importantly – and this applies even more so to data collected online – your permission is needed before the data is processed. When it is collected from the internet, an “opt-out” (telling you that it will be used unless you say no) is not good enough. It must be an “opt-in”.
Your rights – and obligations
You, in turn, have a number of rights. These include: seeing what is held about you, compensation (when things go badly wrong) and, in some cases, the right to prevent processing.
But what happens if you wish to collect data about friends and people you meet on the net? If what you are doing starts to become a large-scale exercise, then take advice - you might yourself need to comply with the law. In most cases, though, you will probably be covered by personal exemptions. These might allow you, for instance, to keep an address book without taking on the full might of the system.
Meanwhile, do not be overawed by large organisations laying down the law. They cannot say that you must do something “because of data protection”. When in doubt, check out the Information Commissioner’s website - there is a whole section devoted to frequently asked questions.