Data Protection » History » Version 9
Version 8 (Steve Welburn, 2012-11-20 10:11 AM) → Version 9/23 (Steve Welburn, 2012-11-20 10:18 AM)
h2. Data Protection
Data protection protects the rights of individuals over their personal information. information, particularly data should only be used for the purposes for which it has been gathered and should be held appropriately securely.
The core of the Data Protection Act is a set of data protection principles. These state that personal data shall be processed fairly and lawfully and shall not be processed unless the subject gave their consent except under "specific conditions":http://www.legislation.gov.uk/ukpga/1998/29/schedule/2 (for sensitive personal data, there are "further restrictions":http://www.legislation.gov.uk/ukpga/1998/29/schedule/3). In addition, personal data should be:
* obtained only for specified purposes, and should not be used for anything else;
* adequate, relevant and not excessive in relation to the purposes (i.e. only the data that is required);
* accurate and, where necessary, kept up to date;
* kept no longer than is necessary for the purposes;
* processed in accordance with the rights of the data subjects under the Act;
* protected from:
** unauthorised or unlawful processing
** and loss, destruction; or damage
* shall not be transferred outside the European Economic Area without similar protection being provided.
Further information:
* QMUL Academic Registry and Council Secretariat (ARCS) information on "data protection":http://www.arcs.qmul.ac.uk/information_governance/dp/data_protection.html
* JISC "Data Protection Code of Practice for HE and FE":http://www.jisc.ac.uk/publications/generalpublications/2001/pub_dpacop_0101.aspx
* Canterbury Christchurch University document on "Data Protection in Research":http://www.canterbury.ac.uk/Research/Documents/DataProtection.pdf
* "EU Data Protection Directive":http://ec.europa.eu/justice/data-protection/index_en.htm
The Act:
* "Data Protection Act 1998":http://www.legislation.gov.uk/ukpga/1998/29/contents
Data protection protects the rights of individuals over their personal information. information, particularly data should only be used for the purposes for which it has been gathered and should be held appropriately securely.
The core of the Data Protection Act is a set of data protection principles. These state that personal data shall be processed fairly and lawfully and shall not be processed unless the subject gave their consent except under "specific conditions":http://www.legislation.gov.uk/ukpga/1998/29/schedule/2 (for sensitive personal data, there are "further restrictions":http://www.legislation.gov.uk/ukpga/1998/29/schedule/3). In addition, personal data should be:
* obtained only for specified purposes, and should not be used for anything else;
* adequate, relevant and not excessive in relation to the purposes (i.e. only the data that is required);
* accurate and, where necessary, kept up to date;
* kept no longer than is necessary for the purposes;
* processed in accordance with the rights of the data subjects under the Act;
* protected from:
** unauthorised or unlawful processing
** and loss, destruction; or damage
* shall not be transferred outside the European Economic Area without similar protection being provided.
Further information:
* QMUL Academic Registry and Council Secretariat (ARCS) information on "data protection":http://www.arcs.qmul.ac.uk/information_governance/dp/data_protection.html
* JISC "Data Protection Code of Practice for HE and FE":http://www.jisc.ac.uk/publications/generalpublications/2001/pub_dpacop_0101.aspx
* Canterbury Christchurch University document on "Data Protection in Research":http://www.canterbury.ac.uk/Research/Documents/DataProtection.pdf
* "EU Data Protection Directive":http://ec.europa.eu/justice/data-protection/index_en.htm
The Act:
* "Data Protection Act 1998":http://www.legislation.gov.uk/ukpga/1998/29/contents