StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Data Protection Act - Essay Example

Cite this document
Summary
The paper "The Data Protection Act" tells that the Data Protection Act aims to accord greater protection to the rights of the individual, in respect of whom information is collected, accumulated, processed or supplied; in comparison to the rights organizations that utilize and control such data…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.3% of users find it useful

Extract of sample "The Data Protection Act"

The Data Protection Act, Private Security and the Rights of Individuals The Data Protection Act aims to accord greater protection to the rights of the individual, in respect of whom information is collected, accumulated, processed or supplied; in comparison to the rights organizations that utilize and control such data. Not only data in electronic form but also data in hard copies or paper records comes under the purview of this Act. This piece of legislation makes it necessary to implement relevant security measures to prevent unauthorized access to, modification, revelation or destruction of such information. The Data Protection Act 1988 created a new category of sensitive personal data with respect to individuals, which cannot be processed. It had provided a list of requirements that had to be met, in order to process this category of individual data. It prohibits sharing and transferring of personal data to countries outside of the European Union. Several security standards have been established to process personal data. Therefore accessing and processing individual data has been subjected to more stringent controls. The Data Protection Act 1988 had also provided substantial rights to individuals that permitted them to claim compensation for damage or distress caused by unlawful access and processing of their personal information. The sophistication of technology has widened the scope of processing data. Policy decisions are entirely dependent on technological parameters such as aptitude tests, psychometric analyses, and drug and genetic testing, scanning of application forms and Curriculum Vitae. Moreover, new software has been developed, which allows the user to interrupt and decode e-mails of individuals. In addition, there has been a widespread use of CCTV surveillance of individuals (Warren, 2002. Pg 446). The fundamental question that arises is whether the Data Protection Act 1998 provides positive measures for the regulation of private security and the protection of individuals’ rights. It is also an assumption that the Data Protection Act 1988 provides negative limitation for the effectiveness of security professionals, while protecting the assets and rights of individuals for whom they work. Although these assumptions seem to be correct, in practice the Act effectively provides adequate protection to individual’s rights and controls private security. The Act attempts to balance the interests of individuals and private security professionals’ work (The Data Protection Act 1998). The Data Protection Act 1998 integrates the European Data Protection Directive with the domestic legislation of the United Kingdom. This Act covers several areas of personal data and it recognises certain types of personal data as sensitive and intimate. The holders of personal information must obtain the clear and unambiguous consent of the individuals, while procuring such information from them. They are also required to obtain the consent of the individuals, prior to processing and sharing sensitive and intimate information (Janson-Smith, 2003). One of the most affected sectors by the Data Protection Act 1998 is the field of medical research. Medical research by its very nature collects sensitive information about patients, so as to provide adequate treatment. Medical research in the epidemiology of cancer requires vast amounts of vital information regarding the patients. This information is generally collected without obtaining the explicit consent of patients. The restrictions of the Act, in this field, would make it well nigh impossible to collect such crucial information (Janson-Smith, 2003). The Data Protection Act 1998 stipulates that all processing of personal and sensitive information must comply with the requirements of the Act. Appendix 1 of the Data Protection Act 1998 provides certain key principles of the Act. The salient rules of the Act require transparency, under which the individuals are expected to have clear and unambiguous knowledge with regard to the collection of the information from them; and the purpose for which such information is to be employed (Social Research Association, 2005). Under the principles of the Data Protection Act 1998, there should be fair and lawful processing of personal information. Such data processing must fulfil the conditions laid down in Schedule 24 of the Data Protection Act 1998. If the information is sensitive and intimate, its processing must fulfil one of the conditions as laid down in Schedule 35. The collection of personal information must be adequate and relevant for the purposes for which it is collected. There should not be any excessive collection of personal information (Social Research Association, 2005). The processed personal information must not be retained longer than the time required for processing and utilizing that data. The processing of personal data must be done in accordance with the rights provided by the Act to individuals. Safeguarding personal information is very important under this Act. These measures must protect the information from accidental loss, destruction or damage. Another significant feature of this Act is that the holders of personal information must not share this information with anyone outside the European Economic Area (Social Research Association, 2005). The Data Protection Act 1998 provides rights to individuals to access their medical records and claim compensation, in the event of any damage or misuse of their information. The Data Protection Act 1998 rescinded some parts of the Access to Health Records Act 1990, which dealt with the rights of individuals. Patients or solicitors on behalf of their patients, can now access their records (What the Data Protection Act really means for you, 2000). Data holding organisations have to take reasonable and appropriate measures in order to prevent data loss, unauthorised use of data or the unlawful processing of data. Those who store data are not permitted to disclose data for unauthorised purposes. Safeguarding measures are also to be aimed at preventing accidental data losses and wilful destruction or damage to data (Johnston, February 29, 2000). The Data Protection Act 1998 makes it mandatory for multinational corporations and other online companies to prevent data sharing with countries and territories that fall outside of the European Economic Area. It also requires companies to provide adequate security measures to data that is sent to other countries. The basic reason for this requirement is that information holding companies must consider the implications of the Act and act accordingly. Companies may require professional advice in this regard (Johnston, February 29, 2000). Data holding companies must consolidate the data and submit reports whenever required. Companies that deal with the direct marketing of information must obtain prior consent from the owners of such information, in order to utilize their personal details. Marketing databases must be periodically screened for compatibility with Mail Preference Service and Telephone Preference Service. The GB Information Management conducted a survey with two hundred large business organisations with regard to the DPA 1998. This study’s results revealed that a majority of these companies did not have adequate knowledge about the requirements of the Act. Most of the directors of these companies were unaware of the fact that they would be held personally liable for the maintenance of databases containing personal information (Johnston, February 29, 2000). The Information Commissioner imposed penalties on banks and construction societies for having disseminated the vital personal information of their customers; such as names, addresses, dates of birth and PIN’s. In one instance, a bank had shredded debit cards and credit cards and disposed them by placing them in unsecured dust bins, located outside their premises (Compliance Monitor, 1 October 2007). Although, the Financial Services Authority has not imposed any penal action on these organisations, the Information Commissioner’s Office had imposed such penalties. The ICO had awarded damages to the tune of £1.4 million to the Nationwide Building Society, for the loss of a laptop by their bankers, which had contained information regarding its customers. The society successfully claimed that this information had been highly protected and could be used for fraudulent purposes like identity theft. The ICO reduced the fine to £980,000. The FSA had established that the training arrangements of the Nationwide Building Society had been inadequate (Compliance Monitor, 1 October 2007). Data protection had been undermined by the Markets in Financial Instruments Directive of the EU. Mere data loss cannot be tantamount to a breach of the rules of the Data Protection Act and the Financial Services Authority. A majority of the victims of serious crimes are being deprived of help due to the stringent rules of the Data Protection Act (DATA LAW 'CUTS HELP TO VICTIMS OF CRIME', August 19, 2001. Pg. 14). The chief objective of this Act is to legalize data collection and processing. It does not promote data protection. It supports the interests of data handlers and data controllers. These information databases can be accessed by anyone by paying a fee. This could result in a number of crimes such as identity theft, economic fraud and benefit abuse. The DPA permits data controllers to collect and process irrelevant information and minute details of individuals (Lenoir, 2007). Individual privacy has been greatly influenced by the enactment and implementation of the Data Protection Act 1998 and the Human Rights Act 1998. While the Human Rights Act 1998 provided individuals with a legal right to individual privacy, through the right to privacy; the Data Protection Act 1998 had imposed several obligations on employees and employers, as well as individuals to be monitored and to comply with the provisions of the act (Warren, 2002. Pg 446). The holders of information have to maintain a filing system, in which they have to file their manual files. In this filing system they file only the relevant information regarding individuals. They have to realise that the filing system is a form of collection of information, and that while accessing the filing system, they are actually accessing the information of individuals and not the physical form of the filing system (Data Protection Act 1998: Legal Guidance). The Data Protection Act 1998 covers several aspects relating to the system of CCTV and the applicability of the Code of Practice. The provisions of the Act are identified as relevant to the various issues regarding the use of CCTV systems. The operators of CCTV systems and their representatives had developed some standards regarding the use and access to footage. The British Standards Institute had also established some standards in this area (Home Office). The British Security Industry Association or BSIA had submitted a report to the House of Lords select committee, in which it required the security industry to initiate measures to ensure proper protection of the privacy of the public. It maintained that the Close Circuit Television or CCTV could be an essential tool to prevent and detect crime. The use of CCTV instilled a sense of security among individuals; and the BSIA argued that the existing legislation should be reviewed, in order to determine, whether it properly addressed the protection of individuals’ privacy (Cadman, 2007). The role of CCTV had been widely discussed, in several debates across the nation. It is the primary duty of the security agencies to promote, on a widespread basis, the benefits provided by the use of CCTV surveillance; and the public has to be informed about the reduction in crime and related activities. These security agencies have also to appraise the public about the various measures, in place, which ensure the safeguarding of their privacy. The Chairman of the Constitution Committee, Lord Holme opined that the very nature and scope of surveillance and information collection had undergone a drastic change. There were nearly 4.2 million CCTV cameras installed in the United Kingdom (Cadman, 2007). The government introduced the NHS Spine and the ID card database, which enable the government to collect and process quite a bit of information relating to individuals. However, the effects of the newly introduced programmes on the constitutional principles have not been thoroughly examined by the government. The relation between the citizens and the State has been seriously affected and there is public apathy regarding the implementation of measures that affect the privacy of individuals (Cadman, 2007). Surveillance through closed circuit television has become an integral part of British life. The effectiveness of the surveillance by CCTVs is the subject matter of public debates across the UK. CCTV cameras have been installed in public areas, where the flow of public is heavy. Individuals are at risk of being caught on camera, while crossing a road, shopping or accessing bank services. Railways stations and airports have also been equipped with CCTV cameras. The legality of the CCTV surveillance in public areas is not a matter of control. Under this new Act, the Information Commissioner is empowered to issue Enforcement Notices in the event of any breach of the Data Protection provisions (Home Office). The Enforcement Notice provides for remedial action for violations, and ensures future compliance with the provisions of the Act, if so required by the Information Commissioner. The latter official will also ensure that the operators of the CCTV cameras and surveillance equipment act in accordance with the CCTV Code of Practice, guidelines. The Commissioner can initiate action against non – compliance with the legal obligations, set out in the Act, on the operators of the surveillance equipment. He can exercise his powers of imposing liability on the operators, in the event of any violation or infringement of the provisions of the Act (Home Office). There is public outcry against the use of CCTV surveillance in the UK, because many people argue that a significant number of the CCTV systems are illegal and infringe their privacy, without due cause. It has been contended that basic data protection is not followed by any business organisation in the UK. A mere five percent of the offices and buildings which were surveyed by Datpro had fulfilled the basic data protection requirements, laid down by the extant legislation. The Security Industry Authority or the SIA had begun licensing CCTV in Scotland, which would render a large number of CCTV surveillance systems illegal. Moreover, the evidence recorded by the non compliant CCTV monitoring systems would not be admitted in court (Vickers, 2007). The government of the United Kingdom is trying to install a large number of CCTV cameras, which could result in the largest number of CCTV’s per head in the world. This move could provoke human rights activists to protest against the government and its policies. These initiatives would repeal the constitutional spirit and the legal provisions of privacy in the UK. As such, the new laws do not respect basic rights; and the privacy of individuals could be seriously at stake. In addition to this, the operators of CCTV cameras are stating that individuals cannot obtain video recordings; and that only the police were authorized to request such footage. This is incorrect; and according to the Data Protection Act if the request of individuals is not properly handled, then such an act constitutes an offence (Vickers, 2007). The Information Commissioner can generate Codes of Practice and interpret the provisions of the Data Protection Act 1998, wherever necessary. It is believed that a code of practice is necessary for the widespread use of CCTV surveillance systems. Such a code will engender the smooth operation of video surveillance (Home Office). The irony is that the United Kingdom has the highest number of surveillance cameras than any other nation in the world. There had been widespread negotiations with biometric companies, with regard to the development of technology that could be used to search digital database to match images of suspected individuals with those of already known offenders (Bowcott, 2008). Nevertheless, it was established, on some occasions, that these entities had violated the requirements of the Act. In addition, data protection had been adversely affected by the European Union’s Markets in Financial Instruments Directive. Furthermore, this Act did not provide adequate protection to personal data, due to the failings of the data controllers. In conclusion it can be stated that the private security industry does not accord appreciable concern for the privacy of the citizens. On several occasions it was evident that the CCTV system was not following the norms set out in the Data Protection Act. In other words private security was negligibly affected by the Data protection Act. As such, the Data Protection Act 1998 neither protects the personal data of individuals, nor does it provide data controllers with adequate power to obtain crucial personal data, even if such data could prove helpful for other individuals’ medical needs. List of References Bowcott, O. (2008, May 06). CCTV boom failed to slash crime, say police. Retrieved May 11, 2008, from The Guardian: http://www.guardian.co.uk/uk/2008/may/06/ukcrime1 Cadman, E. (2007, December 12). BSIA: Security industry must reassure public on privacy. Retrieved May 11, 2008, from http://www.info4security.com/story.asp?sectioncode=16&storycode=4116486&c=1 Compliance Monitor. (1 October 2007). Double jeopardy - data protection. FINANCIAL SERVICES . DATA LAW 'CUTS HELP TO VICTIMS OF CRIME'. (August 19, 2001. Pg. 14). Sunday Mail . Data Protection Act 1998: Legal Guidance. (n.d.). Retrieved April 26, 2008, from http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/data_protection_act_legal_guidance.pdf Home Office. (n.d.). Legal Compliance. Retrieved May 11, 2008, from http://www.crimereduction.homeoffice.gov.uk/cctv/cctvminisite30.htm Janson-Smith, D. (2003, May 12). The Data Protection Act 1998: Protecting people from the wrongful use of their personal information by others. Retrieved April 26, 2008, from http://genome.wellcome.ac.uk/doc_WTD021018.html Johnston, I. (February 29, 2000). Tough on fairness and accuracy. The Times (London) . Lenoir, A. (2007, November 17). Privacy and Data Protection Act 2007 (P&DPA07). Retrieved April 26, 2008, from http://www.bbc.co.uk/dna/actionnetwork/A4446038 Social Research Association. (2005, October). Data Protection Act 1998: Guidelines for social research. Retrieved April 26, 2008, from http://www.the-sra.org.uk/documents/pdfs/sra_data_protection.pdf The Data Protection Act 1998. (n.d.). Vickers, S. (2007, October 02). "Nearly all CCTV illegal”, expert claims. Retrieved May 11, 2008, from http://www.info4security.com/story.asp?sectioncode=9&storycode=4114943&c=1 Warren, A. (2002. Pg 446). Right to privacy? The protection of personal data in UK public organizations. New Library World. London , Vol 103, issues 11/12. What the Data Protection Act really means for you. (2000, September 23). Pulse , p. 29. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Look For Ways In Which The Act Is Effective In Controlling Private, n.d.)
Look For Ways In Which The Act Is Effective In Controlling Private. https://studentshare.org/other/2043037-look-for-ways-in-which-the-act-is-effective-in-controlling-private-security-and-protecting
(Look For Ways In Which The Act Is Effective In Controlling Private)
Look For Ways In Which The Act Is Effective In Controlling Private. https://studentshare.org/other/2043037-look-for-ways-in-which-the-act-is-effective-in-controlling-private-security-and-protecting.
“Look For Ways In Which The Act Is Effective In Controlling Private”. https://studentshare.org/other/2043037-look-for-ways-in-which-the-act-is-effective-in-controlling-private-security-and-protecting.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Data Protection Act

Data Protection Act and Conducting International Trade

The Data Protection Act helps in avoiding any breach of security that might affect data privacy.... The Data Protection Act requires the implementation of standardized strategies for secure data management.... A major purpose of The Data Protection Act is to 'extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information....
5 Pages (1250 words) Assignment

Law on Data Protection

The presentation 'Law on Data Protection' is devoted to a topic that is extremely relevant in today's world, such as the data protection law: in the context of information technology, banking information.... Even though the extent of DPA is quite wide, still the Information Commissioner's Office is at some extent unable to save the Kingdom's populace from unexpected data losses, as a matter of fact, the largest data loss ever recorded in history which occurred on the inauspicious 21st of November 2007 was within the United Kingdom itself, and that too by the inappropriate management by government's recruits themselves....
7 Pages (1750 words) PowerPoint Presentation

Data Protection Act

The Data Protection Act is considered an immense Act that has a status for difficulty.... The paper "data protection act " presents that DPA is an act that provides the legal foundation for dealing with and managing information pertinent to living people.... Whereas this translates to the fact that the court considered a constricted approach to the conditions of data protection, it also took a considerably extensive approach to the FoI ones.... In this case, the weight of which act would prevail depends on the significance it poses as well as its overall impact....
5 Pages (1250 words) Essay

The Role of the Data Protection Act 1998

This work "The Role of The Data Protection Act 1998" gives a closer look at The Data Protection Act 1998, its key aspects.... It is against this background that the central focus of this essay will be to conduct an exhaustive analysis of the most contending issues in The Data Protection Act 2000 within the context of the application of it to contemporary issues.... ssentially, The Data Protection Act 1998 is part of the general legal system that already has a number of legislations that border on the rights of information....
4 Pages (1000 words) Case Study

Advice for Handling Potential Breaches of the Data Protection Act

This essay "Advice for Handling Potential Breaches of The Data Protection Act" highlights several areas of the BCS Code of Conduct that should be considered before reporting Joan's employer as well as offering potential alternative solutions to handling this data protection problem.... To do so might actually jeopardize her career or her relationships with her superiors, especially if her supervisors actually did secure their obligations under The Data Protection Act....
7 Pages (1750 words) Essay

Ethics in computing or Data Protection Act

These activities were carried out with The Data Protection Act in mind ... These activities were carried out with The Data Protection Act in mindData protection requires that comprehensive solution be availed for organizations and individuals to collect and store information in real reliable systems.... These protections required for data are regulated by The Data Protection Act (1998).... To ensure that I never contravened The Data Protection Act or anybody using the databases does not override The Data Protection Act, I ensured that the available controls provided by the existing file systems are upgraded and if possible combined to improve the level of security of the data (Per Arne Godejord, 2008)....
2 Pages (500 words) Research Paper

The Data Protection Act and Role of the Information Commissioner in this Act

The paper "The Data Protection Act and Role of the Information Commissioner in this Act" describes that the commissioner is able to perform activities outside the agreed scope and customer instruction as well as using the customer data for his/ her own product development, research or any other purpose that is appropriate.... In addition, confirming the second and third principles of data protection which Susan did not adhere to stresses on the use of personal data, which should be in a manner compatible with the purpose and reasons as to why the data was stored in the database system....
5 Pages (1250 words) Coursework

Data Protection Act

There are three major aspects of The Data Protection Act (DPA).... The researcher of this essay aims to analyze the "data protection act" (DPA) of 1998, activities controlled by it, complying with DPA, the role of Commission Officer, and the Impact of the UK data protection act on Organizations.... Processing of data in terms of the DPA translates into any action that may be done to personal data, which includes obtaining, holding, using, disclosing, or destroying the data....
10 Pages (2500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us