1984 Data Protection Act


 

 

 

 

 

The 1984 Data Protection Act places particular responsibilities on any individual or organisation that stores data about identifiable people on computers - this includes employees, customers, clients and contract staff.

These responsibilities include:

  • The business must register with the Data Protection Registrar.

  • The data held must be for a specific purpose.

  • The business must inform the Registrar for what purpose the data is being stored.

  • No more data than that required to fulfill the purpose shall be stored.

  • Data must be obtained by fair and legal methods.

  • Data cannot be sold or given to other users without the permission of the person the data is about.

  • Data must be kept up to date.

  • Data shall not be kept longer than necessary.

  • Individuals have the right to view, change, or delete data about themselves.

  • Data must be protected against unauthorised access.

  • Individuals can claim compensation where incorrect data has caused harm or loss.

 

Note that the above information is not, and is not intended to be, a statement of the law - it is provided only to indicate the existence of such legislation.

Also, it applies to the UK only.

 


© 1998 Ron Turner

