LO.4

Question 1

4.1 UK Legislation and regulation

Answer 1

• Data Protection Act (DPA) 1998
• Regulation of Investigatory Powers Act (RIPA) 2000 (updated 2016)
• Protection of Freedoms Act 2012
• Privacy and Electronic Communications Regulations 2003 (amended 2011)
• Freedom of Information Act 2000
• Computer Misuse Act 1990
• Copyright, Designs and Patents Act 1988
• Equality Act (EQA) 2011
• Information Commissioner’s Office (ICO) codes of practice

Question 2

What are the different principles of the Data Protection Act (DPA) 1998

Answer 2

1. Personal data shall be processed fairly and lawfully, it must be acknowledged by the person, the purpose must be made clear too
2. Personal data shall be obtained only for one or more specified and lawful purposes, the data can only be used for the specified purpose
3. Personal data shall be adequate and not excessive, only the amount needed is taken.
4. Personal data shall be accurate and, where necessary, kept up to date
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act. Compensation can be gained if a right is broken.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data. Usernames passwords, encryption, access levels, backups, firewalls and other security measures are needed.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area. Legislations within other countries may be different than they are within the EU, meaning it may be risky to sent it to other countries.