1984 Data Protection Act
The 1984 Data Protection Act places particular responsibilities on any individual or organisation that stores data about identifiable people on computers - this includes employees, customers, clients and contract staff.
These responsibilities include:
The business must register with the Data Protection Registrar.
The data held must be for a specific purpose.
The business must inform the Registrar for what purpose the data is being stored.
No more data than that required to fulfill the purpose shall be stored.
Data must be obtained by fair and legal methods.
Data cannot be sold or given to other users without the permission of the person the data is about.
Data must be kept up to date.
Data shall not be kept longer than necessary.
Individuals have the right to view, change, or delete data about themselves.
Data must be protected against unauthorised access.
Individuals can claim compensation where incorrect data has caused harm or loss.
Note that the above information is not, and is not intended to be, a statement of the law - it is provided only to indicate the existence of such legislation.
Also, it applies to the UK only.
© 1998 Ron Turner