03 Data Management Flashcards
What is the purpose of the Data Protection Act 1998?
Controls how personal information is used by businesses, organisations and the government
How does the Data Protection Act 1998 define ‘personal data’?
Any data which relates to a living individual who can be identified by that data (but excludes expressions of opinion)
What does ‘processing’ data include under the Data Protection Act 1998?
Virtually anything relating to using data, e.g. recording, holding, adapting, disclosing, erasing etc.
Name some of the data protection principles under the Data Protection Act 1998.
Ensure personal data is:
- Used fairly and lawfully
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Accurate and kept up-to-date
- Kept for no longer than is necessary
- Processed in accordance with the rights of individuals under the Act (i.e. right of access to a copy, right to prevent sharing etc.)
- Kept secure and safe
- Not transferred outside the UK without adequate protection
How would you manage personal data to ensure compliance with the Data Protection Act 1998?
- Information maintained on secure servers
- Manage who can access it (e.g. password protection on CRM)
- Ensure employees understand that personal data should not be disclosed to anyone outside the business
- Maintain accuracy of records
- Securely delete information that is no longer required
What is the purpose of the Freedom of Information Act 2000?
Obliges public authorities to publish certain information about their activities to the public and allows members of the public to request certain information
What are some typical exemptions under the Freedom of Information Act 2000?
- Disclosing personal data that would be contrary to the Data Protection Act 1998
- Disclosing information that would likely harm a criminal investigation
- Disclosing information that would likely harm someone’s commercial interests
