Data Protection » History » Version 15
Steve Welburn, 2012-11-20 10:32 AM
| 1 | 1 | Steve Welburn | h2. Data Protection |
|---|---|---|---|
| 2 | 1 | Steve Welburn | |
| 3 | 9 | Steve Welburn | Data protection protects the rights of individuals over their personal information. The core of the Data Protection Act is a set of data protection principles. These state that personal data shall be processed fairly and lawfully and shall not be processed unless the subject gave their consent except under "specific conditions":http://www.legislation.gov.uk/ukpga/1998/29/schedule/2 (for sensitive personal data, there are "further restrictions":http://www.legislation.gov.uk/ukpga/1998/29/schedule/3). In addition, personal data should be: |
| 4 | 8 | Steve Welburn | * obtained only for specified purposes, and should not be used for anything else; |
| 5 | 8 | Steve Welburn | * adequate, relevant and not excessive in relation to the purposes (i.e. only the data that is required); |
| 6 | 8 | Steve Welburn | * accurate and, where necessary, kept up to date; |
| 7 | 8 | Steve Welburn | * kept no longer than is necessary for the purposes; |
| 8 | 8 | Steve Welburn | * processed in accordance with the rights of the data subjects under the Act; |
| 9 | 8 | Steve Welburn | * protected from: |
| 10 | 8 | Steve Welburn | ** unauthorised or unlawful processing |
| 11 | 8 | Steve Welburn | ** and loss, destruction; or damage |
| 12 | 8 | Steve Welburn | * shall not be transferred outside the European Economic Area without similar protection being provided. |
| 13 | 5 | Steve Welburn | |
| 14 | 15 | Steve Welburn | However, if research is not targeted at particular individuals and it will not cause distress or damage to a data subject, data may be processed for other purposes and held indefinitely. |
| 15 | 15 | Steve Welburn | |
| 16 | 15 | Steve Welburn | right of access to personal data where the data is processed for research purposes and the results do not identify data subjects |
| 17 | 15 | Steve Welburn | |
| 18 | 11 | Steve Welburn | JISC "state":http://www.jisc.ac.uk/publications/generalpublications/2001/pub_dpacop_0101.aspx: |
| 19 | 12 | Steve Welburn | |
| 20 | 10 | Steve Welburn | bq. Data controllers are required by the Act to process personal data only where they have a clear purpose for doing so, and then only as necessitated by that purpose. A data controller’s purpose for any personal data processing operation should thus be clearly set out in advance of the processing, and should be readily demonstrable to data subjects. |
| 21 | 10 | Steve Welburn | |
| 22 | 4 | Steve Welburn | Further information: |
| 23 | 4 | Steve Welburn | * QMUL Academic Registry and Council Secretariat (ARCS) information on "data protection":http://www.arcs.qmul.ac.uk/information_governance/dp/data_protection.html |
| 24 | 14 | Steve Welburn | * JISC "Data Protection Code of Practice for HE and FE":http://www.jisc.ac.uk/publications/generalpublications/2001/pub_dpacop_0101.aspx with specific section on "personal data in research":http://www.jisc.ac.uk/publications/generalpublications/2001/pub_dpacop_0101.aspx#research |
| 25 | 5 | Steve Welburn | * Canterbury Christchurch University document on "Data Protection in Research":http://www.canterbury.ac.uk/Research/Documents/DataProtection.pdf |
| 26 | 4 | Steve Welburn | * "EU Data Protection Directive":http://ec.europa.eu/justice/data-protection/index_en.htm |
| 27 | 1 | Steve Welburn | |
| 28 | 4 | Steve Welburn | The Act: |
| 29 | 4 | Steve Welburn | * "Data Protection Act 1998":http://www.legislation.gov.uk/ukpga/1998/29/contents |