ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Data Protection Law

Updated on July 23, 2013

UK Data Protection Law Introduction

Let's start by defining data law, going by the provisions of the UK Data Protection Law, organizations apply the dictates of the Act to retain data for the time period provided while those whose information are being kept are wary of the safety of their personal data. It is already noted that compliance with the codes of UK Data Protection Law protects both parties. Overview of the provision of this law and its implementations by organization has been dealt with in this Squidoo Lens.

UK Data Protection Law

A Background

UK Data Protection Law came to force after the United Kingdom Parliament passed the The Data Protection Act 1998. This law has really made provisions for each entity on which kind of data are to be collected and which are to be exempted. Some guidelines were set on how to process the information in the custody of those who got it. This law does not give uncontrolled access to people's information and also gave a series of measures to forestall any entity using the provision of this law to their own advantage thereby disregarding the rights and privileges of others. Although the methods of collecting these information differ from one organization to another, the provisions of data protection law makes case for the implementation of the codes of the law.

This lens focuses on a restaurant /pub chain with CCTVs and social media presence and its implementation of privacy data protection. There are set rules, duties and obligation imposed on this industry by the UK Data Protection Law. Notable among the rules which this industry must oblige and implement is the EU data protection directive of 1995 which states that "personal data may only be transferred from the countries in the European Economic Area to countries which provide adequate privacy protection" and "Working party on the Protection of Individuals with regard to the Processing of Personal Data" (European Commission). All these provision are part of the UK Data Protection Law and this industry, likewise others are expected to comply with its provisions and to fully implement the law. In the subsequent part of this report, rights and obligations of the person whose information is being stored and the legal entity that is responsible for storing and processing the information, and then relates it to how these provisions of the Act is being implemented in this industry.

Is Data Protection Instrusive?

See results

Data Protection Videos

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

Why privacy is an Issue

Privacy is an issue in data protection because personal data are always the point of target by hackers and other attackers alike. The makes it even more important to protect data and make it private. UK data protection law is the main legislation in the UK which oversees the protection of personal data. This law does not in itself promise total privacy to the people but it came to fore in recognition of the European Union data protection directive of 1995. This directive mandated it on Member States of the EU to ensure the protection of peoples' fundamental rights, freedoms and right for the information collected to be protected. Considering some situations where people's private data are demanded, it then becomes necessary for the information to be secured or protected. It is upon this principle that UK data protection law is based.

Previous to the enactment of the of UK Data protection law, two major legislations were in effect in the UK. One of the legislations is Data Protection Act of 1984 which gave set rules on how information could be collected and processed and Access to personal File Act of 1987 which was built on the provisions of Data Protection Act of 1984. The present UK Data Protection Act had now replaced the previous in addition to the UK's compliance to the European Union data protection directive of 1995. This is the brief evolution of data protection law.

Notable about this law is its definition of the particular kind of information which is considered and exempted by the Act. Only personal information are recognized by the act but the act does not create a blanket over the meaning of personal information. By personal information, it means the information with which an individual can be identified. This law only applies to individual and persons who can be identified by unique or distinguishing features. Therefore the Act does not cover a pack of information which is not identifiable or someone who is anonymous. That means that this law does not make provision for someone who no-one can identify. Identification can take the form of name, address or phone number while data, as referred to by the Act refers to information that can stored on an electronic device like the computer or information that can be filed in a filing system.

In order to ensure maximum understanding and implementation of the Act, the provisions of the Act was modified by the freedom of information Act to include the basic legal and ethical requirements of business entities (Pinsent, 2007). According to ICO (2007), UK Data Protection Act grants some rights to persons whose data or information are being stored, and enforces some obligations on entities that collect and/or store people's data and information. The person whose data or information is being stored is granted the right by Data Act to request for his information for a token (ICO, 2007). In situations where the information held concerning a person is deemed incorrect, such person can request that the information be corrected or resort to the court with the defaulting side made to pay damages. Section of the Act also grants the right of requesting from the entity holding the data not to use it in a way detrimental to the person (Data Protection Act, 2008). Section 10 of the Act disallows information gathered to be used for marketing purpose. The aforementioned are the major rights granted to persons whose data or information is being held by legal authorities.

CCTV and social media presence and its obligation before UK Data Protection Law

Implementation of this law is a very important point of the Act. However the mode of operation of a firm determines how it gathers, processes and stores information. A restaurant with CCTV and social media presence has hidden cameras in strategic places where it captures and stores activities going on. Oftentimes, these eavesdropping devices are positioned in public places where general data are being collected but at times, they are position in secret places where private information are gathered. Also the nature of restaurant/pub is such that enjoys patronage and considering the social media factor, it is quite easy for this organization to gather information through its public and hidden cameras and its social media. Social media always has patronage because they offer services that are considered essential and which people use ordinarily.

Services like e-mailing, paging, forum and other types of such services draw people to use this organization. There is always the ever-present possibility of misappropriation of these data and information including collecting very private information which is not essential. To forestall such practices and establish freedom of information, UK Data Protection Act imposes the following obligations on this type of organization.

On collection of data, it must be processed fairly and legally

If need be, personal information must only be gathered for reason approved legally and such information shall not be used for any other purpose except for the purpose it is meant for

It is mandatory to collect very accurate information and keep them updated if necessary

If there are reasons to collect private data, once such information is processed, it must never be kept beyond the period provisioned by the law

It is prohibited to transfer personal data outside the European Union unless the country in questions promises to protect such data

It is mandatory to have organizational strategies that prevents against data loss

Legal issues for non-implementation

The law leaves no-one in doubt of possible punishment for refusing to comply with the provisions set out by the UK Data Protection Law. In situations where this organization fails to implement this law, penalties are incurred. According to Data Protection Act, part 2 (1998), section 21 of this act makes it an offence for unregistered and authorized entities to process information or fail in their duty to follow safety measures put in place. Section 55 of this Act also makes it an offense for third party entities like hackers to have access to data so far collected (Data Protection Act, part 2, 1998). Source: Data Protection Act, 2008. Part 2, Section: Rights of Data Subjects and Others.

UK Data Protection Discussion

Preceding sections of this report have dealt with various provisions made by the law and the penalties if found wanting. It has however been noted that Data Protection Act is so complex that it fails to explicitly define the obligations of agencies that gather information. Many of these agencies twist this law to their favor by refusing to honor one of the rights granted to the people who is right to obtain information gather about the subject for a fee. This is believed to be due to the inexplicit position of the Act.

While trying to protect the interest of those who own the data, this firm can put some securities measures in place to disallow staff gaining undue access to these data. Measures like restricting members of staff from having access to the server; constantly updating the company's software; locking customers' information with password and only allowing the right person to access it.

To some extent, this law this law is effected because going by the agencies concerned would always hind under the blanket of the Act not to divulge information. As regards security, people may tend to be economical with their personal information made available to others; they may even falsify their personal data in a bid to safeguard themselves. If this is also allowed to continue unabated, there will tend to be laxity in the security settings or organization because they are being fed with wrong information and information-capturing agencies will also become aggressive in collating information when they sense that people are not divulging it the way expected.

UK Data Protection Lens Conclusion

UK Data Protection Law has been critically examined and the level of implementation. Furthermore, its underlying principles were analyzed and the various rights, duties and obligations it gave to persons whose information are collected and the agencies or organization that collects the information. As for the rights granted, it has surely gone so far in protecting the person whose information was collected, with the assurance that the data is secure.

It was noted that if this organization must avoid penalties for breaching the provisions of this law, it must ensure that there are IT experts who prevent data leakage and to also ensure that data is properly and legally processed; ensure that once that information is got, it must not be diverted into personal property which can be traded with Third Party Company; By making sure that the information is not held beyond the period allowed by the law.

By ensuring that there are IT experts who prevent data leakage and to also ensure that data is properly and legally processed, this organization has shown commitment and compliance. There is still need for this Act to be more specific and explanatory, delegating precise duties and obligations to all concerned. It is until then that no entity will hide under the cloak of ignorance and truly protect data.

UK Data Protection Projects

Visit us and gain access to more UK Data Protection Dissertations. Click the link below:

Law Dissertations

New Guestbook Comments

    0 of 8192 characters used
    Post Comment

    • profile image

      Pete007 4 years ago

      Good lens. I'm in favour of data protection as long as my personal information is not distributed without my prior knowledge.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: ""

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)