South Birmingham College

Report
Data Protection Act

R. H. Shumon
06 November 2010
As a company, collecting data about customer, supplier etc will be a necessity and essential
to produce a database system and analysing those data would produce information which
will help to improve the structure of the company. Hence the company should know the
main principle about Data Act Protection. The Main principle of the Data Act to protect
personal data which must be according to the law processed fairly and lawfully. If personal
data is collected then a company/individual person who collected the data, should notify
the Information Commissioner to what extend this data will be used and how the data will
be kept secure. This personal data could be collected and processed for limited purposes
and this data should be used by the company only the way it mentioned to the Information
Commissioner. This data must be satisfactory, relevant and only give the information it
intended for. The data which is collected must be accurate and it is the responsibility of the
company to try to make sure that the data is correct but if the person, who is asked to give
the information, give false information then the company will not be held responsible for it.
The Personal Data collected can’t be kept longer than necessary.

The person, who has given the information, has the rights to read the information. The
company, who is holding this information, is to present that information in a way that it
could be understood by the person whose information being held to that company. The
person whose data has been collected has the rights to ask for deleting/removing their
information from the system. The data which has been collected must be secured and
accessed only by the person/s who has authority to do so, other than that any access will be
unauthorized and can be prosecuted according to the law. As many countries, outside the
European Union, do not have Data Protection Act this information and data should not be
transferred outside the European Union without satisfied security for that data.

Earlier Data Protection Act was only related to the information or data stored into a
computer system. This didn’t include the data collected and stored in paper file which can
be stored by a company without taking the subject’s permission. It was impossible to say
who is holding your data. But Jarvis, Alan Lawson, Jenny Kaye, Allen (p108, 2006) says that
the Data Protection Act 1998 covers all the means of collecting data and storing it computer
or filing cabinet or listing it on a paper. Still the insecurity of the data stored remained, a
physical attack to data bank or where it stored can be prosecuted if the person is caught. As
technology develops the means of stealing information has also increased. A company must
take all the precaution for security and look after the rights of the subject/s whose data has
been collected. Also a company need to maintain a backup and update time to time the
data they collected from the subject.

Limitations of these laws are if the culprit is not caught then nobody would be able to
punish them according to the law. It is also very hard to track any person who is committing
cyber crime.

R.H.Shumon South Birmingham College S45208512

Reference:

JARVIS, LAWSON, A., KAYE, J., and ALLEN (2006) BTEC First: ICT Practitioners (2nd Edition)
(online). Pearson Education Limited (Accessed 22 October 2010). Available at
<http://site.ebrary.com/lib/southbirmingham >

Bibliography:

Meakin, P. (1998) Personal Data and Data Protection [Online]. [Accessed 22 October
2010]. Available at <http://www.hollyfield.kingston.sch.uk/gcseit/GCSE/dataprot.htm>.

BBC, Bitesize, ICT:Data Protection Act (Accessed 22 October 2010). Available at

<http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/>.

Legislation.gov.uk, Data Protection Act 1998 (1998) [Accessed 22 October 2010]. Available
at <http://www.legislation.gov.uk/ukpga/1998/29/introduction>.

R.H.Shumon South Birmingham College S45208512