Acts of Parliament of predecessor states to the United Kingdom

Acts of English Parliament to 1601 Acts of English Parliament to 1641 Ordinances and Acts (War & Interregnum) to 1660 Acts of English Parliament to 1699 Acts of English Parliament to 1706 Acts of Parliament of Scotland Acts of Irish Parliament to 1700 Acts of Irish Parliament to 1800

Acts of Parliament of the United Kingdom

1707–1719 | 1720–1739 | 1740–1759 1760–1779 | 1780–1800 | 1801–1819 1820–1839 | 1840–1859 | 1860–1879 1880–1899 | 1900–1919 | 1920–1939 1940–1959 | 1960–1979 | 1980–1999 2000–Present

Acts of the Scottish Parliament

Acts of the Northern Ireland Parliament

Acts of the Northern Ireland Assembly

Measures of the National Assembly for Wales

Orders in Council for Northern Ireland

United Kingdom Statutory Instruments

The Data Protection Act (DPA) is a United Kingdom Act of Parliament. This is a list of Acts of Parliament of the English Parliament during that body's existence prior to the Act of Union of 1707 This is a list of Acts of Parliament of the English Parliament during that body's existence prior to the Act of Union of 1707 This is a list of Ordinances and Acts of the Parliament of England from 1642 to 1660, during the English Civil War and the Interregnum. This is a list of Acts of Parliament of the English Parliament during that body's existence prior to the Act of Union of 1707 This is a list of Acts of Parliament of the English Parliament during that body's existence prior to the Act of Union of 1707 List of Acts of the Scottish Parliament to 1707 is a list of Acts of Parliament of the Parliament of Scotland. This is an incomplete list of Acts of the Parliament of Ireland for the years up to 1700. This is an incomplete list of Acts of the Parliament of Ireland for the years 1701 to 1800. This is an incomplete list of Acts of the Parliament of Great Britain for the years 1707-1719 This is an incomplete list of Acts of the Parliament of Great Britain for the years 1720-1739 This is an incomplete list of Acts of the Parliament of Great Britain for the years 1740-1759 This is an incomplete list of Acts of the Parliament of Great Britain for the years 1760-1779 This is an incomplete list of Acts of the Parliament of Great Britain for the years 1780-1800 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1801-1819 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1820-1839 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1840-1859 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1860-1879 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1880-1899 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1900-1919 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1920-1939 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1940-1959 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1960-1979 This is an incomplete list of Acts of the Parliament of the United Kingdom for the years 1980-1999 This is a list of Acts of the Parliament of the United Kingdom for the years 2000 to the present "Acts of the Scottish Parliament" redirects here For pre-Union acts see List of Acts of the Scottish Parliament to 1707. This is a list of Acts of the Parliament of Northern Ireland, from its first session in 1921 to suspension in 1972. This is a list of Acts of the Northern Ireland Assembly passed by that body from its establishment in 2000 until its suspension in 2002 and from its re-establishment in |align=left| Contemporary Welsh Law English Law Courts of England and Wales ---- National Assembly The is a list of Orders in Council for Northern Ireland which are Primary legislation for the province when it is being directly ruled from London and also for A Statutory Instrument ( SI) is the principal form in which delegated or Secondary legislation is made in Great Britain. The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom, the UK or Britain,is a Sovereign state located An Act of Parliament is a Law enacted as Primary legislation by a national or sub-national Parliament. It defines a legal basis for the handling in the UK of information relating to living people. It is the main piece of legislation that governs protection of personal data in the UK. Data privacy is the relationship between collection and dissemination of Data, Technology, the public Expectation of privacy, and the Legal issues Although the Act does not mention privacy, in practice it provides a way in which individuals can enforce the control of information about themselves. Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively Most of the Act does not apply to domestic use,^[1] for example keeping a personal address book. Organisations in the UK are legally obliged to comply with this Act, subject to some exemptions.

Compliance with the Act is enforced by an independent government authority, the Information Commissioner's Office (ICO). Canada The Information Commissioner of Canada is an independent ombudsman appointed by the Parliament of Canada who investigates complaints from people who believe The ICO maintains guidance relating to the Act. ^[2]

The Act defines eight principles of information-handling practice.

The UK Data Protection Act is a large Act that has a reputation for complexity. ^[3] While the basic principles are honoured for protecting privacy, interpreting the act is not always simple. Many companies, organisations and individuals seem very unsure of the aims, content and principles of the DPA. Some hide behind the Act and refuse to provide even very basic, publicly available material quoting the Act as a restriction. The act also impacts on the way in which organisations conduct business in terms of who can be contacted for marketing purposes, not only by telephone and direct mail, but also electronically and has led to the development of permission based marketing strategies.

Contents 1 Plain-language summary of key principles 2 Personal data 3 Subject rights 4 Data protection principles 4.1 Conditions relevant to the first principle 5 Exemptions 6 Offences 7 Apparent flaws in the Act 8 References 9 See also 10 External links

Plain-language summary of key principles

This section provides a quick overview of what the Key Principles of information-handling practice mean. The Key Principles themselves are discussed below in the context of their definition in law.

• Data may only be used for the specific purposes for which it was collected.
• Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). Consent as a term of jurisprudence is a possible defence (an Excuse or justification against civil or criminal liability It is an offence for Other Parties to obtain this personal data without authorisation.
• Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
• Personal information may be kept for no longer than is necessary.
• Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data. The European Economic Area ( EEA) came into being on 1 January 1994 following an agreement between member states of European Free Trade Association (EFTAthe
• Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner. The Information Commissioner's Office (ICO in the United Kingdom, is a Non-departmental public body which reports directly to Parliament and is sponsored
• Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).

Also subjects are allowed/have the right to make changes to wrong information

Personal data

The Data Protection Act covers any data which can be used to identify a living person. This includes names, birthday and anniversary dates, addresses, telephone numbers, Fax numbers, e-mail addresses etc. It only applies to that data which is held, or intended to be held, on computers ('equipment operating automatically in response to instructions given for that purpose'), or held in a 'relevant filing system'.

It should be noted that an ordinary paper diary can be classified as a 'relevant filing system' if it can be demonstrated that the diary is used to support commercial activities (eg, a Salesperson's diary).

Subject rights

The Data Protection Act creates rights for those who have their data stored, and responsibilities for those who store or collect personal data.

The person who has their data processed has the right to^[4]

• View the data an organisation holds on them, for a small fee, known as 'subject access'^[5]
• Request that incorrect information be corrected. If the company ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded. In Law, damages refers to the money paid or awarded to a Claimant (England Pursuer (Scotland or Plaintiff (US following a successful ^[6]
• Require that data is not used in a way which causes damage or distress. ^[7]
• Require that their data is not used for direct marketing. Direct marketing is a sub-discipline and type of Marketing. There are two main definitional characteristics which distinguish it from other types of marketing ^[8]

Data protection principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-
   1. at least one of the conditions in Schedule 2 is met, and
   2. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Conditions relevant to the first principle

• Personal data should only be processed fairly and lawfully. In order for data to be classed as 'fairly processed', at least one of these six conditions must be applicable to that data.
  1. The data subject (the person whose data is stored) has consented ("given their permission") to the processing;
  2. Processing is necessary for 'the performance of a contract (any processing not directly required to complete a contract would not be "fair");
  3. Processing is required under a legal obligation (other than one stated in the contract);
  4. Processing is necessary to protect the vital interests of the data subject's rights;
  5. Processing is necessary to carry out any public functions;
  6. Processing is necessary in order to pursue the legitimate interests of the "data controller" or "third parties" (unless it could unjustifiably prejudice the interests of the data subject).

Exemptions

The Act is structured such that all processing of personal data is covered by the act, while providing a number of exemptions in Part IV. ^[1] Notable exemptions are:

• Section 28 - National security. Any processing for the purpose of safeguarding national security are exempt from all the data protection principles, as well as Part II (subject access rights), Part III (notification), Part V (enforcement), and Section 55 (Unlawful obtaining of personal data).
• Section 29 - Crime and taxation. Data processed for the prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of taxes are exempt from the first data protection principle.
• Section 36 - Domestic purposes. Processing by an individual only for the purposes of that individual's personal, family or household affairs is exempt from all the data protection principles, as well as Part II (subject access rights) and Part III (notification).

Offences

• Section 55 - Unlawful obtaining of personal data. This Section makes it an offence for people (Other Parties), such as hackers and impersonators, outside the organisation to obtain unauthorised access to the personal data. ^[9]

• Section 56 - This section makes it a criminal offence to require an individual to make a Subject Access Request relating to cautions or convictions for the purposes or recruitment, continued employment, or the provision of services. A ‘Police ‘Caution’ administered for the purpose of disposing of a criminal offence should In Law, a conviction is the Verdict that results when a Court of law finds a Defendant guilty of a Crime. ^[10] As of 2007 this section has not yet been enabled. ^[11] According to the government, this section will not be enabled until the Criminal Records Bureau is providing a Basic Disclosure service. The Criminal Records Bureau (CRB established in March 2002 is an Executive Agency of the Home Office in the United Kingdom, which conducts Criminal ^[12] The provision of a Basic Disclosure service is dependent on s. 112 of the Police Act 1997 being enacted, which provides for "Criminal Conviction Certificate". ^[11]

Apparent flaws in the Act

A number of apparent flaws may be found in the text of The Act. The definition of personal data is data which relate to a living individual who can be identified:—

• from those data, or
• from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

Although this is a subjective definition, since whether particular data are personal data depends on which data controller is referred to in the definition. Elsewhere in the act, the definition of what constitutes personal data is generally treated as objective.

The effect of this is that personal data encrypted with asymmetric cryptography using a third party's public key is not itself personal data. Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key Such encrypted data alone cannot be used to identify an individual, and the necessary private key is not likely to come into the possession of the data controller. Since the encrypted data are not personal data, none of the provisions of The Act apply.

Another issue arises from the mutually recursive definition of data controller. The data controller is a person who determines the purposes for which and the manner in which any personal data are, or are to be, processed. However the personal data are defined above according to the likely availability of information available to the data controller. This mutual recursion makes the determination of what is and what isn't personal data formally undecidable in some circumstances. In Mathematical logic, a sentence &sigma is called independent of a given first-order theory T if T neither proves nor

One potential effect of such flaws is that data processing systems can readily be devised which circumvent the spirit but not the letter of The Act.

Personal data which are normally held for under 40 days may be legitimately denied in Subject Access Requests under The Act. This is a consequence of the time limit Data Controllers must meet in making their response. If the data have been deleted by the normal procedures of the business by the time the Data Controller responds to a request, those data cannot be supplied. For data such as CCTV images which are routinely overwritten, it may be impossible for a subject to exercise their data access rights. Closed-circuit television ( CCTV) is the use of Video cameras to transmit a signal to a specific place limited set of monitors

References

1. ^ ^{a b} Data Protection Act 1998, Part IV (Exemptions), Section 36, Office of Public Sector Information, accessed September 6, 2007
2. ^ Guidance - The Data Protection Act, Page of Assorted Guidance, Office of the Information Commissioner, accessed October 20, 2007
3. ^ Bainbridge, D: "Introduction to Computer Law - Fifth Edition", page 430. The Office of Public Sector Information ( OPSI) is the body responsible for the operation of Her Majesty's Stationery Office (usually abbreviated as HMSO Events 3114 BC - According to the Proleptic Julian calendar the current era in the Maya Long Count Calendar started Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. The Information Commissioner's Office (ICO in the United Kingdom, is a Non-departmental public body which reports directly to Parliament and is sponsored Events 1740 - Maria Theresa takes the throne of Austria. France, Prussia, Bavaria and Saxony Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. Pearson Education Limited, 2005
4. ^ Your rights,, ICO, accessed September 6, 2007
5. ^ As of 2006, the maximum fee is £10 per item, FAQs, ICO
6. ^ Correcting information, ICO
7. ^ Data Protection Act 1998, Part III (Notification by Data Controllers), Section 10, Office of Public Sector Information, accessed September 6, 2007
8. ^ Data Protection Act 1998, Part III (Notification by Data Controllers), Section 11, Office of Public Sector Information, accessed September 6, 2007
9. ^ Data Protection Act 1998, Part VI (Miscellaneous and General), Section 55, Office of Public Sector Information, accessed September 14, 2007
10. ^ Data Protection Act 1998, Part VI (Miscellaneous and General), Section 56, Office of Public Sector Information, accessed September 14, 2007
11. ^ ^{a b} British Employment Law website (emplaw.co.uk), Criminal law aspects / vetting of job applicants / position under Police Act 1997
12. ^ Hansard, 28 Jun 2005 : Column 1451W

See also

• Data privacy
• Freedom of Information Act 2000
• Computer Misuse Act 1990
• Privacy and Electronic Communications (EC Directive) Regulations 2003

External links

• The Information Commissioner
• Data Protection Act 1998 (full text from OPSI)
• Council of Europe - ETS no. 108 - Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981) - basis for Data Protection Act 1984
• Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data - basis for Data Protection Act 1998
• The Department for Constitutional Affairs
• The Data Protection Act Explained
• Data Protection Act 1998 (full text)
• The Employment Practice Code (an explanation of employees rights from the Data Protection Act) (full text)

copied

Events 3114 BC - According to the Proleptic Julian calendar the current era in the Maya Long Count Calendar started Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. The Office of Public Sector Information ( OPSI) is the body responsible for the operation of Her Majesty's Stationery Office (usually abbreviated as HMSO Events 3114 BC - According to the Proleptic Julian calendar the current era in the Maya Long Count Calendar started Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. The Office of Public Sector Information ( OPSI) is the body responsible for the operation of Her Majesty's Stationery Office (usually abbreviated as HMSO Events 3114 BC - According to the Proleptic Julian calendar the current era in the Maya Long Count Calendar started Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. The Office of Public Sector Information ( OPSI) is the body responsible for the operation of Her Majesty's Stationery Office (usually abbreviated as HMSO Events 81 - Domitian becomes Emperor of the Roman Empire upon the death of his brother Titus. Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. The Office of Public Sector Information ( OPSI) is the body responsible for the operation of Her Majesty's Stationery Office (usually abbreviated as HMSO Events 81 - Domitian becomes Emperor of the Roman Empire upon the death of his brother Titus. Year 2007 ( MMVII) was a Common year starting on Monday of the Gregorian calendar in the 21st century. Data privacy is the relationship between collection and dissemination of Data, Technology, the public Expectation of privacy, and the Legal issues See Freedom of information in the United Kingdom for a general discussion of Freedom of information legislation throughout the United Kingdom. The Computer Misuse Act 1990 is an Act of the UK Parliament. The Act's introduction followed the decision in R v Gold (1988 1 AC 1063 with the bill's critics charging The Privacy and Electronic Communications (EC Directive Regulations 2003 is a law in the United Kingdom which made it unlawful amongst other things to transmit an automated The Office of Public Sector Information ( OPSI) is the body responsible for the operation of Her Majesty's Stationery Office (usually abbreviated as HMSO

---

© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org
Dapyx Software network: MP3 Explorer | Ebook Manager | Zenithic