A data protection reminder
07 February 2008
The seriousness of the Government’s debacle over the loss of two discs containing the personal information of 25 million people reminds us all to comply with data protection rules.
Someone controlling personal data must notify their activities to the Information Commissioner. Data controllers have to comply with the eight Data Protection Principles.
- A data processor processes data for a data controller, but does not need to notify for this reason alone. The data controller and processor should have a written contract between them.
- A data subject has various legal rights, including access to data and getting rectification or destruction of inaccurate data.
- Failure to comply may lead to enforcement notices or even to criminal prosecution. It will be interesting to see where the enquiry into the loss of data discs by HMRC will lead.
The data protection principles state that personal data must:
- be processed fairly and lawfully;
- be processed only for specified purposes;
- not be excessive;
- be accurate and current;
- not be kept longer than is necessary;
- be processed in accordance with the subjects’ rights;
- be adequately protected from loss, destruction or damage;
- not be transferred outside Europe where there is no protection for personal data.
The criteria to be satisfied for these principles are stricter in relation to ‘sensitive’ data, such as race, political opinions, religion, trade union membership, health, sex life or criminal record.
