The Data Protection Act 1998 strengthens
the rights of individuals in relation to the way personal
data is processed.
The Data Protection Act 1998 came into force on 1st March
2000 and it sets rules for processing personal information
and applies to paper records as well as those held on computers.
The Data Protection Act in practice
The
Data Protection Act 1998 applies to ‘personal
data’, that is, data about identifiable living individuals.
The SEELB (known as a Data Controller under the legislation)
must comply with the rules of good information handling,
known as the data protection principles, and other requirements
of the Data Protection Act.
The
rules of good information handling – the data
protection principles
The Board must comply with the eight enforceable principles
of good practice which are set out in detail in schedule
1 of the Data Protection Act (1998). The Data Protection
principles say that data must be:
- fairly
and lawfully processed;
- processed for limited purposes and not for any manner
incompatible with those purposes;
- adequate, relevant and not excessive;
- accurate;
- not kept for longer than is necessary;
- processed
in line with the data subject’s
rights;
- secure;
- not transferred to countries without adequate data protection.
Personal data covers both facts and opinions about the
individual. It also includes information regarding the
intentions of the data controller towards the individual.
The right of subject access
The Data Protection Act (1998) allows individuals to find
out what information is held about themselves on computer
and some paper records. This is known as the right to
subject access. The Board processes these requests in
accordance with the legislation.
Promoting good practice
The Commissioner has a duty to promote good practice by
data controllers. One of these is by producing codes
of practice.
Information on the codes of practice, which is available
from the Information Commissioner, can be found on www.ico.gov.uk.
|
