Monday, 3 October 2016

Data Protection Act (1998)

  Data Protection Act (1998)

What is the Data Protection Act of 1998?
The DPA (Data Protection Act) was a legislation passed by the parliament to put a form of digital protection on people's information so it can't just be handed out to this, that and the other. Its a type of legal right to       the information stored about you.    

The Data Protection Principles are as follows: - 
  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:
    1. at least one of the conditions in Schedule 2 is met, and
    2. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. About the rights of individuals e.g. personal data shall be processed in accordance with the rights of data subjects (individuals).
  7. Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal

Examples of when it was broken (Data Protection Act)

One of the biggest times the data protection act was broken was when Sony received a £250K fine for not using the most up to date software and security systems available for its PlayStation Network. This resulted in PSN being hacked a large number of times and caused loss of accounts and bank details. It was described as a 'serious Breach' of the Data Protection Act and the Japanese company took a big hit from it.

Another one was when a 15 year old school pupil from Hampshire hacked into his schools network and managed to expose over 20,000 peoples personal details including 7,000 pupils medical details.

https://www.theguardian.com/technology/2011/aug/09/pupil-hacked-hampshire-school-website

http://www.thedrum.com/news/2013/01/24/sony-fined-250k-over-serious-data-protection-act-breach

https://en.wikipedia.org/wiki/Data_Protection_Act_1998#Data_protection_principles

http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionactrev1.shtml









1 comment:

  1. This is good information Cameron but we need a good part of it to be in your own words. some examples of when it has been broken would be a good way to do that.

    ReplyDelete