Anyone processing personal data must comply with the eight enforceable principles
of good practice. They say that data must be:
- Fairly and lawfully processed;
- Processed for limited purposes;
- Adequate, relevant and not excessive;
- Accurate;
- Not kept longer than necessary;
- Processed in accordance with the data subject's rights;
- Secure;
- Not transferred to countries without adequate protection.
THE DATA PROTECTION ACT
Whenever personal data are collected and used, people's lives may be negatively
affected if something goes wrong. For example, if details are not entered
correctly people can be unjustly refused benefits, credit, housing etc.
If data are not kept securely, people's privacy can be affected!
Processing personal data
Processing may only be carried out where one of the following conditions has been
met:
- the individual has given his or her consent to the processing;
- the processing is necessary for the performance of a contract with the
individual;
- the processing is required under a legal obligation;
- the processing is necessary to protect the vital interests of the individual;
- the processing is necessary to carry out public functions;
- the processing is necessary in order to pursue the legitimate interests
of the data controller or third parties (unless it could prejudice the
interests of the individual).
In our case, processing of the "indoor environmental data"
will be carried out on the condition that the individual has given his/her
consent to the processing.
Security
Data controllers must take security measures to safeguard personal data.
The 1998 Act requires that data controllers must take appropriate technical
or organisational measures to prevent the unauthorised or unlawful processing,
or disclosure, of data. Where a controller uses the services of a data
processor the security arrangements must be part of a written agreement
between the two.
Notification
Most data controllers will need to notify the Commissioner, in broad terms,
of the purposes of their processing, the personal data processed, the
recipients of the personal data processed and the places overseas to
which the data are transferred. This information is made publicly available
in a register. Notification is not linked to enforcement. Under the
1998 Act all data controllers must comply with the data protection principles,
even if they are exempt from the requirement to notify. Data controllers
have a single register entry. Notifications are renewable annually.
The rights of individuals (homeowners)
The right of subject access
The Data Protection Act allows individuals to find out what information
is held about themselves on computer and some paper records. This is
known as the right of subject access.
The right of rectification, blocking, erasure and destruction
The Data Protection Act allows individuals to apply to the Court to
order a data controller to rectify, block, erase or destroy personal
details if they are inaccurate or contain expressions of opinion which
are based on inaccurate data.
The right to prevent processing
A data subject can ask a data controller to stop or request that they
do not begin processing relating to him or her where it is causing,
or is likely to cause, substantial unwarranted damage or substantial
distress to themselves or anyone else. However, this right is not available
in all cases and data controllers do not always have to comply with
the request.
The right to compensation
A data subject can claim compensation from a data controller for damage
or damage and distress caused by any breach of the Data Protection Act.
Compensation for distress alone can only be claimed in limited circumstances.
Rights in relation to automated decision-taking
An individual can ask a data controller to ensure that no decision which
significantly affects them is based solely on processing his or her
personal data by automatic means. There are, however, some exemptions
to this.
- The Data Protection Act 1998 came into force on 1 March 2000.