Professional Documents
Culture Documents
Privacy Protection: BLAW 2403
Privacy Protection: BLAW 2403
Privacy Protection
BLAW 2403| IT LAW
Prepared by : Norlaili Bt Mohd Basri
Faculty of Information and Communication Technology
information.
relationships with social institutions, individual privacy faces new threats and new
opportunities.
• Over the last several years, the area of technology and privacy has been transformed,
Definition of Data
• This term is only used to refer to the personal information; that is information relating
• The Data Protection Act 1984 has now been repealed by the Data ProtectionData
• The UK has had a Data Protection act since 1984 which gave individuals rights as data
subjects.
• These rights include giving access to data stored about us, a right to have inaccurate
• It has it's origins in the European Rights Convention, article 8 - giving individuals a
The person who has their data processed has the right to
• View the data an organisation holds on them, for a small fee, known as 'subject
access fee'
• Request that incorrect information be corrected. If the company ignores the request, a
court can order the data to be corrected or destroyed, and in some cases
compensation can be awarded.
• Require that data is not used in any way that may potentially cause damage or
distress.
• The UK DP Act requires data users to register with the Data Protection Registrar
indicating the data they intend to store, the processes which will be applied to it, and
the use to which the data is put. Once registered the data user must then ensure that
they comply with the principles of the Act.
• 2. personal data shall be held only for lawful and specified purposes;
• 3. personal data shall not be used or disclosed in any manner incompatible with
• 4 personal data shall be adequate, relevant and not excessive in relation to the
• 5. that personal data shall be accurate and, where necessary, kept up to date;
• 6 personal data shall not be kept longer than necessary for the purposes for
• s.5(1) & (5) - any person who 'holds' personal data without being registered as
• s.5(2) & (5) - any registered person who knowingly or reckless1 obtains uses,
personal data without the authority of the bureau's customer for whom the
processing is carried out