Data Protection Act
The Data Protection Act 1998 came into force on 01 March
2000. It regulates the collection and use of personal information
and allows individuals access to personal information that
organisations hold about them. It affects all organisations
(not just public authorities) that use information about individuals.
The Act aims to ensure that organisations which use information
about living people do so in accordance with certain specified
principles to protect the civil liberties of the person who
is the data subject.
If your non-profit organisation holds personal data it will
have to be registered under the Data Protection Act. Organisations
are required to provide a brief description of the personal
data they have, including its source and the persons to whom
that data may be disclosed. The registered user is obliged
to comply with the eight Data Protection principles of good
practice. The data must be:
- Fairly and lawfully processed.
- Processed for limited purposes.
- Adequate, relevant and not excessive.
- Accurate.
- Not kept longer than necessary
- Processed in accordance with the data subject's rights.
- Secure.
- Not transferred to other countries without adequate protection.
Personal data covers both facts and opinions about the individual.
It also includes information regarding the intentions of the
data controller towards the individual, although in some limited
circumstances exemptions will apply.
For more information about the 1998 Data Protection Act and
implications for your organisation, see www.dataprotection.gov.uk/dpr/dpdoc.nsf
Find out more about other IT issues and examples in the In
more depth section.
|
