Data Protection Regulation and control - Essay Example

Introduction Data protection has become very important and relevant in the face of increased global rates of fraud and cyber crime. To counter the negative effects of fraud, it is imperative that, organizations come up with data protection policies aimed at curbing data misuse. By establishing a well crafted data protection policy, a company must bear in mind the nature of data, the nature of threat at hand, as well as the resources at its disposal.Data protection refers to the concept, which deals with sharing of data related to individual yet maintaining the privacy that the customer expects (Lloyd, 1998.8-60). A small newly established Travel Company has the responsibility of ensuring clients personal data in its custody is safe and held in privacy.

The universal declaration of human rights article12 states that: "there should be no interference with a person, family, home etc. or attacks upon their reputation" (Lloyd1998.58-60). The company has the duty of finding out the stipulated rules and regulation in the various legislative acts that address data protection. The law for example, requires the firm to get registered and get authorization from information commissioner (Carey, 1998.16-31). It is the responsibility of the company to develop policies and procedures that protect customer information using the knowledge so gained.

The company then needs to institute the office of a data controller who is the person who, either alone or with others, directs the content and use of personal data (ILO, 1997.14-67). The company, through the office of the data controller has the responsibility of ensuring that personal information collected from client is relevant and secure and its uses in an appropriate manner (Hornberger, 2001.21-49).The company has a duty to keep updating themselves on amendments on data protection acts inorder to maintain relevant policies.

It is thus their responsibility to keep in touch with the concerned regulatory bodies or any the media houses that highlight such changes or amendments.To improve this privacy and security, the company should prohibit the use of social security numbers or social insurance numbers as customer identification. At the same time, it is their part to allow customers to opt- out or opt -in for sharing personal information (Carey, 2000.90-107). This way, the clients' implied consent is received for the film to keep this personal information.

It is the firm's responsibility to classify, right on the onset, personal and confidential information. The information so held should have data flow analysis conducted on it (Carey, 1998.19-30).The company also ought to conduct continuous privacy policy awareness programmes; this will ensure successful implementation of the outlined policies (Lyod, 2007.45-89).Individual employees also have their part in data protection. Employees ought to exercise all due diligence while handling customers information or while processing it.

(Bainbridge, 2006.13-47). Employees have the duty of making available, upon request, by the client, personal details of the clients. The employee should also be ready to rectify or correct inaccurate details.They also have a duty of ensuring they don not display personal details that display client racial, ethical, political opinions, religious or philosophical beliefs or trade-union affiliation (Jay, & Hamilton, 1999.56-87) Since the company is still new they should be very keen to ensure that data obtained is used for specified and legal use, it is adequate and not excess, it is accurate and up-to -date, it should not be kept for longer than it is needed and the rights of the subject are respected (including right to access, blocking, or erasure, and rights to prevent processing, and right to prevent use for direct marketing (Millard, & Ford, 1998.100-124). As well the company should ensure that data is secure and also that personal data shall not be transferred to another country outside the European Economic block unless that country ensures an adequate level of protection (Politt, , Mullock & Clarke, 2000.54-89 ).ConclusionWhen all the above aspects are taken care of, the company can begin operations in confident and in the right footing.

After adhering to the above, it is highly unlikely that they will breach an act of privacy as concerns data protection. It is important that, the company sets aside enough resources for the data protection exercise because that would in the end lead to big losses in terms of loss of valuable documents.Reference:Carey, P. (1998.16-31). Blackstone's guide to the Data Protection Act 1998. London: Blackstone's Press.Carey, P. (2000.90-107) Data Protection in the UK. London: Blackstone's Press.ILO. (1997.14-67) Protection of workers' personal data.

Geneva: ILO.Hornberger, (2001.21-49) Security and data protection for SAP systems. London: Pearsonworkings. Jay, R & Hamilton, A. (1999.56-87) Data protection - law & practice. London: Sweet & Maxwell. Lloyd, I. (1998.58-60). A guide to the Data Protection Act 1998 (London: Butterworths Tolley, Millard, C. & Ford, M. (1998.100-124). Data Protection laws of the world. London: Sweet & Maxwell.Politt, P., and Mullock & Clarke, O. (2000.54-89) .The point of law: Data Protection Act explained. London: SO.

http://www.hmso.gov.uk/acts/acts1998/19980029.htm Accessed on 5/3/2007http://europa.eu.int/smartapi/cgi/sga_docsmartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett . Accessed on 5/3/2007http://www.dataprotection.gov.uk/ Accessed on 5/3/2007