What you should know about Data Protection Law

 

 

DEFINITIONS OF TERMS IN THE DATA PROTECTION ACT

  1. Personal Data: The Act applies to information about individuals.  Personal data is information relating to a living individual who can be identified from those data.  An example is making a secondary school transcript available online for an embassy to use in acknowledging a qualified applicant.
  2. Data Subject: This is an individual who is the subject of personal data.
  3. Data Controller: This is an organization that has full authority to decide how and why personal data should be processed.  These processes include storing, using and deleting the data.
  4. Data Processor: This is an organization that processes personal data on behalf of another organization.  These processes are reading, manipulating, storing and deleting.
  5. Data Processing: This is any action taken with personal data including collection, use, disclosure, holding of data and destruction of data.

 

THE MAIN PROVISIONS OF THE DATA PROTECTION ACT

  1. Any organization holding personal data in a computer system must register with a data protection registrar.
  2. After registration, companies must specify what the data is to be used for. Data must be fairly and lawfully obtained.  It must only be used for a purpose that has been registered.
  3. An individual has the right to know whether any information is held about him or her.
  4. Wrong information about an individual must be changed or deleted.
  5. Data must not be given to anyone who is not entitled to it. It must be protected against unauthorized access, deletion, alteration or disclosure.

 

THE PRACTICAL IMPLICATIONS OF THE DATA PROTECTION ACT 1984

The Data Protection Act 1998, which came into force in UK law in October 2001, repeals the Data Protection Act 1924.

Practical guidance on meeting the requirements of the Data Protection Act is offered by the Royal College of Radiologists (RCR) on the advice of the Information Commissioner.  It is a pragmatic approach that:

  1. Does not interfere with the prime purpose of caring for a patient.
  2. Allows access to data by third parties when in the best interests of the patient.
  3. Avoids unnecessary and time-consuming bureaucracy.

 

The Information Commissioner’s Office confirms that the advice is accurate as far as the Data Protection Act 1998 is concerned.

This is implemented for the medical and health unit to ensure the security of patients’ lives.

COPYRIGHT

Copyright is a branch of the law that grants an individual or an organization the right to use and reproduce a software program.

Developers always restrict the duplication of software to the IT firm.  The conditions are always stated in the license agreement of the software.  The most common type of license is the single-user license agreement, also called the end-user license agreement.  The license agreement includes conditions that specify a user’s responsibilities upon acceptance of the agreement.  These responsibilities include:

  1. Users are permitted to install the software only on one computer.
  2. Users are permitted to make one copy of the software as a backup.
  3. Users are permitted to give or sell the software to another individual. This is on condition that the software is removed from the user’s computer first.
  4. Users are not permitted to install the software on a network.
  5. Users are not permitted to give copies to friends and colleagues while still using the software.
  6. Users are not allowed to export the software.
  7. Users are not allowed to rent or release the software.

 

These conditions declare the copyrights and user privileges given by the developing company.

Copyright protection is a software lock placed on a developed system by its developer.  Its main purpose is to prevent the product from being copied and distributed without approval or authorization.

 

THE COMPUTER MISUSE ACT 1990

The Computer Misuse Act of 1990 is a law that makes certain activities illegal.  These activities include hacking into other people’s systems, misusing software, and helping a person to gain access to protected files on someone else’s computer.  The Act came into being after an appeal in 1988.

The Computer Misuse Act makes the following acts illegal:

  1. Unauthorized access to computer material.
  2. Unauthorized access to computer systems with intent to commit another offence.
  3. Unauthorized modification of computer material.

 

The Computer Misuse Act 1990 is an Act of the Parliament of the United Kingdom.

The Act has helped to minimize the operations of black hat hackers and other computer criminals as much as possible.

 

Illegal access to software systems can cause great damage and loss of resources.

Hackers who succeed in planting Trojan viruses and other malware on people’s systems corrupt the operation of the operating system.  This causes the attacked system to malfunction and become useless to the owner. Serious problems that could result from this action include:

  1. Failure to acknowledge an interview date, and hence loss of a job opportunity. This happens if that system is the victim’s only means of communication.
  2. Loss of school project materials, and hence a missed opportunity to keep up with course mates. Some viruses corrupt text documents and render them inaccessible. A victim with a compiled project will have a lot to lose when this happens.
  3. An individual or organization can be defrauded by hackers who have access to confidential account and transaction records. A lot of credit cards are ripped off daily by black hat hackers.

 

These criminal activities have fostered the enforcement of the Computer Misuse Act 1990 to punish apprehended criminals accordingly.



Data protection

  • Draft Regulation on e-Privacy announced
  • Article 29 Working Party publishes guidance on GDPR
  • ECJ delivers blow to "Snoopers' charter"
  • Draft revisions to Swiss Data Protection Act published
  • Switzerland approves US-Swiss Privacy Shield
  • EU to begin adequacy talks with Japan and Korea

Cyber security

  • Allegations of Russian hacking in US election
  • Yahoo hack: one billion accounts compromised
  • Russian central bank targeted in cyber-heist
  • TalkTalk hacker pleads guilty

ICO enforcement

  • ICO reveals how charities have been exploiting supporters
  • ICO now in charge of Telephone Preference Service
  • ICO fines Bognor Regis firm for making nuisance calls to the elderly
  • Royal Sun Alliance PLC fined £150,000 for failing to keep customer information safe


Data Protection
Draft Regulation on e-Privacy announced
The EU Commission (EC) has proposed a new Privacy and Electronic Communications (e-Privacy) Regulation (the Regulation) to replace the existing e-Privacy Directive, implemented in the UK by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). The Regulation is proposed to come into force on 25 May 2018 (the same day as the GDPR) and would have direct effect across the EU, including the UK, where it will replace PECR. The draft Regulation draws heavily on the GDPR and makes use of numerous definitions, terms and concepts that first appeared in the GDPR.

The proposed Regulation updates the current laws relating to the confidentiality of electronic communications within the EU. It would expand the scope of the EU's privacy laws to include over-the-top (OTT) communication service providers (who deliver services across an IP network) for the first time and includes new rules on direct marketing via electronic means. These new rules include provisions relating to the use of 'cookies' as well as a new requirement obliging web browsers and other providers of software to inform users of their ability to "prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment". It is thought that this could lead to a drastic increase in the blocking of third party web-adverts by internet users throughout the EU.

The new Regulation promises to grant greater protection and rights to individual users across the EU. It will grant new rights to users of electronic communications to object to the processing of their communications data. The new rules would also allow users to gain compensation from offending communication providers if their rights are infringed and they suffer damage. In addition, the Regulation will tie into the enforcement regime of the GDPR, under which offending providers could receive fines of up to €20m or 4% of their global turnover, whichever is the highest.

As the Regulation is still at the draft stage, it must now be scrutinised by both the European Parliament and the Council of Ministers. It will not take effect until both sets of legislators approve it. However, it is not expected to change significantly before then.

The Data Protection Act is a law that was passed to protect the privacy of individuals.  It was passed in 1984 and updated in 1998.  It was implemented to ensure that personal information was collected, used and stored in an acceptable and suitable way.  It is an Act of the UK Parliament.

 

An organization must register its procedures with the data protection registrar before storing personal information about people.

 

The organization pays a fee and completes certain forms. The forms hold information such as:

  1. Company name, address and services
  2. Details of information they wish to collect about people
  3. Reason for collecting the data
  4. Details of how and where they will collect the data
  5. Details of how they plan to store the data
  6. Details of whether they plan to sell the data to anyone else

 

The organizations exempted from this Act are criminal investigation authorities and national security bodies.  This is to keep the data secured from unauthorized access.