CHAPTER 5

Privacy Protection
BLAW 2403| IT LAW
Prepared by : Norlaili Bt Mohd Basri
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

Technology and Privacy

• Privacy is the ability to negotiate social relationships by controlling access to personal

information.

• As laws, policies, and technological design increasingly structure people's

relationships with social institutions, individual privacy faces new threats and new
opportunities.

• Over the last several years, the area of technology and privacy has been transformed,

creating a landscape that is both dangerous and encouraging.

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

Definition of Data

• This term is only used to refer to the personal information; that is information relating

to individuals rather than information relating to companies governments. For

example, information relating to travel, or credit, and health as information about
criminal confidences

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

The UK Data Protection Act 1984

• The Data Protection Act 1984 has now been repealed by the Data ProtectionData

Protection Data Protection Act 1998 c.29

• The UK has had a Data Protection act since 1984 which gave individuals rights as data

subjects.

• These rights include giving access to data stored about us, a right to have inaccurate

information corrected or removed and to claim compensation if stored information is

misused.

• It has it's origins in the European Rights Convention, article 8 - giving individuals a

right to respect for their private life.

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

The person who has their data processed has the right to

• View the data an organisation holds on them, for a small fee, known as 'subject

access fee'

• Request that incorrect information be corrected. If the company ignores the request, a

court can order the data to be corrected or destroyed, and in some cases
compensation can be awarded.

• Require that data is not used in any way that may potentially cause damage or

distress.

• Require that their data is not used for direct marketing.

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

The UK Data Protection Act 1984

• The UK DP Act requires data users to register with the Data Protection Registrar

indicating the data they intend to store, the processes which will be applied to it, and
the use to which the data is put. Once registered the data user must then ensure that
they comply with the principles of the Act.

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

The UK Data Protection Act 1998

• The purpose of DPA is to regulate the use of automatically processed information

relating to the individuals and the provisions of services relating to the individuals(data
subjects)

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

Application of Data Protection

Principles (8) - Schedule 1 Data Protection Act (DPA)
• 1. personal data shall be fairly and lawfully obtained and processed;

• 2. personal data shall be held only for lawful and specified purposes;

• 3. personal data shall not be used or disclosed in any manner incompatible with

the purposes for which they are held;

• 4 personal data shall be adequate, relevant and not excessive in relation to the

purposes for which they are held;

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

• 5. that personal data shall be accurate and, where necessary, kept up to date;

• 6 personal data shall not be kept longer than necessary for the purposes for

which they are held;

• 7. data subjects shall have access to data relating to them; and

• 8. personal data shall be protected by reasonable security measures against

unauthorised access, alteration, disclosure, destruction or loss.

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
 Faculty of Information and Communication Technology

BLAW 2403 | Information Technology Law

Offences under DPA (UK)

• s.5(1) & (5) - any person who 'holds' personal data without being registered as

a data user, or having applied for registration.

• s.5(2) & (5) - any registered person who knowingly or reckless1 obtains uses,

discloses or transfers personal data of a kind not described in that person's

register entry.

• S.15(1) & (3) - a computer bureau which knowing1 or recklessly discloses

personal data without the authority of the bureau's customer for whom the
processing is carried out

• S.12(10) - failure to comply with a Registrar's transfer prohibition notice

ALL RIGHTS RESERVED

No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide