ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Data Protection Law

Updated on July 23, 2013

UK Data Protection Law Introduction

Let's start by defining data law, going by the provisions of the UK Data Protection Law, organizations apply the dictates of the Act to retain data for the time period provided while those whose information are being kept are wary of the safety of their personal data. It is already noted that compliance with the codes of UK Data Protection Law protects both parties. Overview of the provision of this law and its implementations by organization has been dealt with in this Squidoo Lens.

UK Data Protection Law

A Background

UK Data Protection Law came to force after the United Kingdom Parliament passed the The Data Protection Act 1998. This law has really made provisions for each entity on which kind of data are to be collected and which are to be exempted. Some guidelines were set on how to process the information in the custody of those who got it. This law does not give uncontrolled access to people's information and also gave a series of measures to forestall any entity using the provision of this law to their own advantage thereby disregarding the rights and privileges of others. Although the methods of collecting these information differ from one organization to another, the provisions of data protection law makes case for the implementation of the codes of the law.

This lens focuses on a restaurant /pub chain with CCTVs and social media presence and its implementation of privacy data protection. There are set rules, duties and obligation imposed on this industry by the UK Data Protection Law. Notable among the rules which this industry must oblige and implement is the EU data protection directive of 1995 which states that "personal data may only be transferred from the countries in the European Economic Area to countries which provide adequate privacy protection" and "Working party on the Protection of Individuals with regard to the Processing of Personal Data" (European Commission). All these provision are part of the UK Data Protection Law and this industry, likewise others are expected to comply with its provisions and to fully implement the law. In the subsequent part of this report, rights and obligations of the person whose information is being stored and the legal entity that is responsible for storing and processing the information, and then relates it to how these provisions of the Act is being implemented in this industry.

Is Data Protection Instrusive?

See results

Data Protection Videos

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

You'll connect with your readers. If you type a sentence here about why you love this video.

Why privacy is an Issue

Privacy is an issue in data protection because personal data are always the point of target by hackers and other attackers alike. The makes it even more important to protect data and make it private. UK data protection law is the main legislation in the UK which oversees the protection of personal data. This law does not in itself promise total privacy to the people but it came to fore in recognition of the European Union data protection directive of 1995. This directive mandated it on Member States of the EU to ensure the protection of peoples' fundamental rights, freedoms and right for the information collected to be protected. Considering some situations where people's private data are demanded, it then becomes necessary for the information to be secured or protected. It is upon this principle that UK data protection law is based.

Previous to the enactment of the of UK Data protection law, two major legislations were in effect in the UK. One of the legislations is Data Protection Act of 1984 which gave set rules on how information could be collected and processed and Access to personal File Act of 1987 which was built on the provisions of Data Protection Act of 1984. The present UK Data Protection Act had now replaced the previous in addition to the UK's compliance to the European Union data protection directive of 1995. This is the brief evolution of data protection law.

Notable about this law is its definition of the particular kind of information which is considered and exempted by the Act. Only personal information are recognized by the act but the act does not create a blanket over the meaning of personal information. By personal information, it means the information with which an individual can be identified. This law only applies to individual and persons who can be identified by unique or distinguishing features. Therefore the Act does not cover a pack of information which is not identifiable or someone who is anonymous. That means that this law does not make provision for someone who no-one can identify. Identification can take the form of name, address or phone number while data, as referred to by the Act refers to information that can stored on an electronic device like the computer or information that can be filed in a filing system.

In order to ensure maximum understanding and implementation of the Act, the provisions of the Act was modified by the freedom of information Act to include the basic legal and ethical requirements of business entities (Pinsent, 2007). According to ICO (2007), UK Data Protection Act grants some rights to persons whose data or information are being stored, and enforces some obligations on entities that collect and/or store people's data and information. The person whose data or information is being stored is granted the right by Data Act to request for his information for a token (ICO, 2007). In situations where the information held concerning a person is deemed incorrect, such person can request that the information be corrected or resort to the court with the defaulting side made to pay damages. Section of the Act also grants the right of requesting from the entity holding the data not to use it in a way detrimental to the person (Data Protection Act, 2008). Section 10 of the Act disallows information gathered to be used for marketing purpose. The aforementioned are the major rights granted to persons whose data or information is being held by legal authorities.

CCTV and social media presence and its obligation before UK Data Protection Law

Implementation of this law is a very important point of the Act. However the mode of operation of a firm determines how it gathers, processes and stores information. A restaurant with CCTV and social media presence has hidden cameras in strategic places where it captures and stores activities going on. Oftentimes, these eavesdropping devices are positioned in public places where general data are being collected but at times, they are position in secret places where private information are gathered. Also the nature of restaurant/pub is such that enjoys patronage and considering the social media factor, it is quite easy for this organization to gather information through its public and hidden cameras and its social media. Social media always has patronage because they offer services that are considered essential and which people use ordinarily.

Services like e-mailing, paging, forum and other types of such services draw people to use this organization. There is always the ever-present possibility of misappropriation of these data and information including collecting very private information which is not essential. To forestall such practices and establish freedom of information, UK Data Protection Act imposes the following obligations on this type of organization.

On collection of data, it must be processed fairly and legally

If need be, personal information must only be gathered for reason approved legally and such information shall not be used for any other purpose except for the purpose it is meant for

It is mandatory to collect very accurate information and keep them updated if necessary

If there are reasons to collect private data, once such information is processed, it must never be kept beyond the period provisioned by the law

It is prohibited to transfer personal data outside the European Union unless the country in questions promises to protect such data

It is mandatory to have organizational strategies that prevents against data loss

Legal issues for non-implementation

The law leaves no-one in doubt of possible punishment for refusing to comply with the provisions set out by the UK Data Protection Law. In situations where this organization fails to implement this law, penalties are incurred. According to Data Protection Act, part 2 (1998), section 21 of this act makes it an offence for unregistered and authorized entities to process information or fail in their duty to follow safety measures put in place. Section 55 of this Act also makes it an offense for third party entities like hackers to have access to data so far collected (Data Protection Act, part 2, 1998). Source: Data Protection Act, 2008. Part 2, Section: Rights of Data Subjects and Others.

UK Data Protection Discussion

Preceding sections of this report have dealt with various provisions made by the law and the penalties if found wanting. It has however been noted that Data Protection Act is so complex that it fails to explicitly define the obligations of agencies that gather information. Many of these agencies twist this law to their favor by refusing to honor one of the rights granted to the people who is right to obtain information gather about the subject for a fee. This is believed to be due to the inexplicit position of the Act.

While trying to protect the interest of those who own the data, this firm can put some securities measures in place to disallow staff gaining undue access to these data. Measures like restricting members of staff from having access to the server; constantly updating the company's software; locking customers' information with password and only allowing the right person to access it.

To some extent, this law this law is effected because going by the agencies concerned would always hind under the blanket of the Act not to divulge information. As regards security, people may tend to be economical with their personal information made available to others; they may even falsify their personal data in a bid to safeguard themselves. If this is also allowed to continue unabated, there will tend to be laxity in the security settings or organization because they are being fed with wrong information and information-capturing agencies will also become aggressive in collating information when they sense that people are not divulging it the way expected.

UK Data Protection Lens Conclusion

UK Data Protection Law has been critically examined and the level of implementation. Furthermore, its underlying principles were analyzed and the various rights, duties and obligations it gave to persons whose information are collected and the agencies or organization that collects the information. As for the rights granted, it has surely gone so far in protecting the person whose information was collected, with the assurance that the data is secure.

It was noted that if this organization must avoid penalties for breaching the provisions of this law, it must ensure that there are IT experts who prevent data leakage and to also ensure that data is properly and legally processed; ensure that once that information is got, it must not be diverted into personal property which can be traded with Third Party Company; By making sure that the information is not held beyond the period allowed by the law.

By ensuring that there are IT experts who prevent data leakage and to also ensure that data is properly and legally processed, this organization has shown commitment and compliance. There is still need for this Act to be more specific and explanatory, delegating precise duties and obligations to all concerned. It is until then that no entity will hide under the cloak of ignorance and truly protect data.

UK Data Protection Projects

Visit us and gain access to more UK Data Protection Dissertations. Click the link below:

Law Dissertations

New Guestbook Comments

    0 of 8192 characters used
    Post Comment

    • profile image

      Pete007 4 years ago

      Good lens. I'm in favour of data protection as long as my personal information is not distributed without my prior knowledge.