In the UK, the European legislation is enacted as the Data Protection Act 1984 and 1998 (DPA); the legal requirements of the 1998 UK Data Protection Act are summarised at http://www.informationcommissioner.gov.uk. This law is typical of what
has evolved in many countries to help protect personal information. Any company that
holds personal data on computers or on file about customers or employees must be registered with a data protection registrar (although there are some exceptions which may exclude small businesses). This process is known as notification.
The guidelines on the eight data protection principles are produced by the Information Commissioner (1998), on which this overview is based. These principles state that personal data should be:
1 Fairly and lawfully processed
In full:
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met; and in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
The Information Commissioner has produced a ‘fair processing code’ which suggests
how an organisation needs to achieve ‘fair and lawful processing’ under the details of
Schedules 2 and 3 of the Act. This requires:
- Appointment of a data controller, who is a person with defined responsibility for data protection within a company.
- Clear details in communications such as on a web site or direct mail of how a ‘data subject’ can contact the data controller or a representative.
- Before data processing ‘the data subject has given his consent’, or the processing must be necessary either for a ‘contract to which the data subject is a party’ (for example as part of a sale of a product) or because it is required by other laws. Consent is defined in the published guidelines as ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’.
Sensitive personal data requires particular care; this includes:
- the racial or ethnic origin of the data subject;
- political opinions;
- religious beliefs or other beliefs of a similar nature;
- membership of a trade union;
- physical or mental health or condition;
- sexual life;
- the commission or alleged commission or proceedings of any offence.
No other laws must be broken in processing the data.
2 Processed for limited purposes
In full:
Personal data shall be obtained only for one or more specified and lawful purposes, and shall
not be further processed in any manner incompatible with that purpose or those purposes.
This implies that the organisation must make it clear why and how the data will be
processed at the point of collection. For example, an organisation has to explain how your
data will be used if you provide your details on a web site when entering a prize draw. You
would also have to agree (give consent) for further communications from the company.
LEGAL AND ETHICAL ISSUES OF INTERNET USAGE
Notification
The process whereby companies register with the data protection register to inform about their data holdings.

Data controller
Each company must have a defined person responsible for data protection.

Data subject
The legal term to refer to the individual whose data are held.