the data protection act
The data protection act, which came into force in 2000, is a set of principles designed to give consumers rights to information that is held about them.
The main principles of this act are:
- Data may only be used for the specific purposes for which it was collected.
- Data must not be disclosed to other parties without the consent of the individual whom it is about. It is an offence for Other Parties to obtain this personal data without authorisation.
- Individuals have a right of access to the information held about them, subject to certain exceptions.
- Personal information may be kept for no longer than is necessary.
- Personal information may not be transmitted outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place.
- Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner's Office.
- Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
- Subjects have the right to have factually incorrect information corrected.
The data protection act does not cover certain types of information, for example information relation to the prevention or detection of crime, or to national security.
what you can do if you think your data protection rights have been breached:
If this breach of rights has resulted in 'distress' you can write to whomever is holding the information about you and request and ask them to stop using your data in this way. The data holder has 21 days to reply, either confirm that they have ceased using this data or their reasons why they think your request was unjustified.
If you need further support relating to your data protection rights, you should contact the Information Commissioner's Office. They have the power to award compensation if you have experienced substantial distress or damage in relation to a breach of your data protection rights.