1984 Data Protection Act

The 1984 Data Protection Act places particular responsibilities on any individual or organisation that stores data about identifiable people on computers - this includes employees, customers, clients, contract staff.

These responsibilities include :

• The business must register with the Data Protection Registrar.

• The data held must be for a specific purpose.

• The business must inform the Registrar for what purpose the data is being stored.

• No more data than that required to fulfill the purpose shall be stored.

• Data must be obtained by fair and legal methods.

• Data cannot be sold or given to other users without the permission of the person the data is about.

• Data must be kept up to date.

• Data shall not be kept longer than neccessary.

• Individuals have the right to view, change, or delete data about themselves.

• Data must be protected against unauthorised access.

• Individuals can claim compensation where incorrect data has caused harm or loss.

Note that the above information is not, and is not intended to be, a statement of the law - it is provided only to indicate the existence of such legislation.

Also, it applies to the UK only.

© 1998 Ron Turner

Return to the IT security home page