The Data Protection Act

Question 1

What does the DPA do?

Answer 1

It limits the data held by individual organisations to only that which they need. It stops them holding excessive quantities of data on individuals that they don’t need.

Question 2

Describe personal data.

Answer 2

Any data which relates to a living, identifiable individual.

Question 3

Describe data. (DPA)

Answer 3

Anything that is held which can be said to be part of a record. This covers both manual and computer data. If you store data on people, such as their health or educational records, whether it is on paper or on a computer, it is data.

Question 4

Describe processing. (DPA)

Answer 4

Obtaining, recording or holding the information or data. It also covers any operation performed on it.

Question 5

What are some operations when processing data? (DPA)

Answer 5

Operations include organising, changing retrieving it or using it in some way. This also includes disclosing it or destroying it.

Question 6

What is the data subject?

Answer 6

The data subject is the living identifiable human being about whom the data is being held.

Question 7

What is the data controller?

Answer 7

This is the individual in the company who is responsible for making sure that all the provisions of the DPA are being complied with.

Question 8

What is the data processor?

Answer 8

This is any person (other than an employee of the data controller) who processes the data on behalf of the data controller. Big companies hire third party companies to process their data for them.

Question 9

Describe the recipient.

Answer 9

These are individuals who are given the data in order to do some form of processing on it. They are usually employees of the data controller or are data processors.

Question 10

What is a third party?

Answer 10

This is the person who receives the data for processing. A company may need to pass on its data to certain people in order to do its job, for example schools give references and information to the government.

Question 11

What is an information commissioner?

Answer 11

This is the individual who is responsible for ensuring that the DPA is being adhered to, by giving advice, running training sessions and investigating complaints.

Question 12

What is the right to subject access?

Answer 12

You are allowed to see what information is being held on you by a company. You need to write to the data controller and request a copy (and pay an administrative charge). The company then have to provide the information within a reasonable amount of time from receiving the request.

Question 13

What is the right to prevent processing likely to cause damage or distress?

Answer 13

If the processing of the data is going to cause you damage or distress, you can ask the company to stop. The level of it needs to be quite high, if the company doesn’t think it is causing damage or stress it is up to the courts to decide.

Question 14

What is the right to prevent processing for the purposes of direct marketing?

Answer 14

Direct marketing is mail that is sent to you advertising goods and services. You can request that is is stopped.

Question 15

What are the rights in relation to automated decision making?

Answer 15

Some decisions are taken by a computer. Credit checks are an example. Points are awarded for things such as time in work, owning your own home and based on the amount of points you get, a decision is made as to whether you get a credit card. You can request for a person to make the decision instead of a computer.

Question 16

What is the right to compensation if damage and distress if suffered by the act being contravened?

Answer 16

If you can prove that the data controller did not follow the requirements of the act meaning you suffered both damage and distress, you are entitled to compensation.

Question 17

What is the right to rectify, block or erase incorrect data?

Answer 17

If the held data is wrong, you can get it changed.

Question 18

Here are some possible reasons for exemption from the DPA:

Answer 18

National security, crime and taxation (you can’t see your records), health, education and social work (if giving the subject access will cause them harm), domestic purposes (data held on your own computer, such as a mailing list for Christmas cards).

Question 19

Personal data shall be processed fairly and lawfully:

Answer 19

This means that there should be consent for the processing to occur.

Question 20

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes:

Answer 20

When a company wants to collect and hold personal data, it must let the information commissioner know what it is going to hold and what it is going to do with it.

Question 21

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed:

Answer 21

They can’t hold more information than necessary. It must all be relevant.

Question 22

Personal data shall be accurate and, where necessary, kept up to date:

Answer 22

The company must endeavour to ensure that it only has accurate information on you. This may entail them sending out the information they hold for you to check. If they find any inaccurate information, they must correct it.

Question 23

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes:

Answer 23

You can’t hold data forever. Eventually it will no longer meet the purpose.

Question 24

Personal data shall be processed in accordance with the rights of data subjects under this act:

Answer 24

The data subject has certain rights. These include access to the data, the right to correct data if is wrong, the right to compensation if the processing has caused damage and distress and the right to prevent processing from causing damage and distress.

Question 25

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, or destruction of, or damage to, personal data:

Answer 25

The company must ensure that there is sufficient security in place to prevent the data being deleted or being stolen. Back ups should be taken to restore deleted data.

Question 26

Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data:

Answer 26

This is to ensure that data is only given to companies in other countries where there is a similar law to the UK's DPA.

Question 27

What is the Computer Misuse Act (1990)?

Answer 27

It was introduced to protect data held by companies from hackers.

Question 28

What are the four main provisions of the computer misuse act?

Answer 28

Unauthorised access to computer material, unauthorised access with intent to commit or facilitate the commission of further offences, unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer AND making, supplying or obtaining articles for use in computer misuse offences.

Question 29

CMA: Unauthorised access to computer material:

Answer 29

This covers entering a computer system without permission by guessing or discovering an individual's password. This is hacking.

Question 30

CMA:Unauthorised access with intent to commit or facilitate the commission of further offences:

Answer 30

This is in addition to entering the computer system. This could be to gain access to a suer account and use it to transmit illegal material.

Question 31

CMA: Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer:

Answer 31

This is making changes to the contents of a computer or denying access to the computer through Denial of Service attacks.

Question 32

CMA: Making, supplying or obtaining articles for use in computer misuse offences:

Answer 32

This involves malicious scripts or software that will modify the original code.

Question 33

What are the benefits of the Computer Misuse Act?

Answer 33

Until the introduction of the CMA, theft of electricity was the only crime a hacker could be charged with. The Act allows companies a legal recourse if their security has been compromised.

Question 34

What are the problems of the Computer Misuse Act?

Answer 34

Accidental intrusion is not a crime. You have to be able to prove who was responsible.

Question 35

What is the Copyright, Design and Patents act (1988)?

Answer 35

Among many items, the act makes it illegal to steal or create unauthorised copies of software. It also covers manuals, books, CDs and music.

Question 36

What are the benefits of the copyright, designs and patents act (1988)?

Answer 36

A lot of time and effort goes in to the production of software, books and music. The people who put in that effort deserve to be rewarded with royalties. This ensures that happens.

Question 37

What are problems with the copyright, designs and patents act (1988)?

Answer 37

When you buy software, you are merely buying a licence to use it. You can get site and network licences so it can go on lots of computers.