It is increasingly common for personal details to be stored on computers. The Data Protection Act exists to protect such details. This personal data includes items such as:
- name and address
- date of birth
- medical records
- school and employment records
Personal data is private and should only be accessible by authorised people. Also, digital files stored on computers can be easy to access, copy and share. Protection is needed to make sure that our personal data is kept private and not altered or deleted. The Data Protection Act exists to ensure our data is properly looked after.
In addition, everyone has the right to see what data is held about them by an organisation, and to have that data corrected or deleted if incorrect.
The Data Protection Act is built around eight principles which state how personal data should be treated:
- Personal data must be fairly and lawfully processed. This means that an organisation must be truthful about what personal data they wish to collect and what they want to use it for.
- Personal data must be obtained for specified and lawful purposes. This means that an organisation cannot use personal data for any purpose other than that stated when they collected the data. For example, if a company wanted your exam records to see if you were qualified for a job, it could not use those records to try and sell you revision guides that it thinks you might need. Also, the company cannot pass on your data to any other organisation without your permission.
- Personal data must be adequate, relevant and not excessive. This means that an organisation cannot ask for any data that is not immediately needed. For example, when applying for a bank account, the bank cannot ask you where you went on holiday last year.
- Personal data must be accurate and up to date. If data held about you is wrong or out of date, you have the right to have it corrected or deleted. This is extremely important, as incorrect or out of date data might, for example, prevent you from getting a job, a loan or from being able to buy a house.
- Personal data must not be kept for longer than is necessary. As soon as an organisation no longer needs your data, they must delete it.
- Personal data must be processed in line with our rights. Your rights include the right to see any data held on you, and the right to correct inaccurate data.
- Personal data must be held securely. This means safe from unauthorised access (eg with usernames and passwords), but also safe from accidental loss (by making back ups).
- Personal data must not be transferred to other countries outside the European Economic Area, unless those countries have similar data protection laws.
An organisation can face a large fine if they are found to be in breach of the Data Protection Act.