What is the Data Protection Act & how does it affect me?

Starting online, you will most likely be capturing information about your customers and therefore handling this information correctly is essential.

The purpose of the Data Protection Act 1998 is to protect the rights of the individual about whom data is obtained, stored, processed or supplied rather than those of the people or organisations who control and use personal data. The Act applies to both computerised and paper records.
The Act requires that appropriate security measures will be taken against unauthorised access to, or alteration, disclosure or destruction of personal data and against accidental loss or destruction of personal data.
Scope

The 1998 Act applies to:
• Computerised personal data
• Personal data held in structured manual files

It applies to anything at all done to personal data ("processing"), including collection, use, disclosure, destruction and merely holding data.

Principles of Data Protection

The act defines eight principles of information-handling practice. These are listed below. The key requirements are:

The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

For more information:

http://www.ico.gov.uk/Home/for_organisations/data_protection_guide.aspx

How does it affect me?

Employees can also be prosecuted for unlawful action under the legislation. Fines of up to £5000 could result if you use or disclose information about other people without their consent or proper authorisation. You could even be committing an offence if you give information to another employee or student who does not need the details to carry out their legitimate duties. You should take particular care when using the Internet, e-mail and the internal network. Special care must be taken with sensitive data such as ethnic origins, religious/political beliefs, health data, disabilities, details of offences or alleged offences, sexual life or trade union membership.