Data Protection
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament that provides a basis in law for the privacy and protection of data of living individuals in the UK.
The operation of the DPA is overseen by the Information Commissioner's Office (ICO), which is an independent public body, sponsored by the Ministry of Justice, responsible for protecting personal information, providing guidance, dealing with complaints and taking appropriate action when the law is breached.
The DPA places restrictions on organisations which collect or hold data which can identify a living person. The DPA does not apply to domestic situations, such as keeping a personal address book. Every person or organisation that processes personal information is required to notify the Information Commissioner and an entry is created in the Public Register of Data Controllers. Failure to notify is a criminal offence unless you are exempt.
Data collected by any person or organisation may only be used for the specific purposes for which they were collected. Personal data may only be kept for an appropriate length of time and must not be disclosed to other parties without the consent of the data owner, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention and detection of crime).
The DPA creates rights for those who have their data stored and responsibilities for those who store or collect personal data. The person who has their data processed has the right to:
View the data an organisation holds on them, for a small fee, known as subject access.
Request that incorrect information is corrected. If the person holding the data ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded.