© Boardworks Ltd 20101 of 15

The Data Protection Act

© Boardworks Ltd 20102 of 15

Teacher’s notes included in the Notes Page

Flash activity. These activities are not editable. Web addresses

Icons key: For more detailed instructions, see the Getting Started presentation

Functional Skills check

Student task accompanies this slide Printable activity

This lesson will cover:

The purpose of the Data Protection Act.

What is meant by the terms data user, data subject and data controller.

The eight guiding principles that data users must follow, and the rights of data subjects.

Exemptions to the Data Protection Act.

© Boardworks Ltd 20103 of 15

The need for data protection

What is wrong with this picture?

Most people would be shocked if this sort of information was displayed in a public place. Why?

© Boardworks Ltd 20104 of 15

What is the Data Protection Act?

© Boardworks Ltd 20105 of 15

1. Processed fairly and lawfully.

2. Processed for a specific purpose.

3. Adequate, relevant and not excessive.

4. Accurate.

5. Kept for no longer than is necessary.

6. Processed in line with the rights of individuals.

7. Kept secure.

8. Not transferred to countries outside the European Economic Area unless there is adequate protection.

There are eight data protection principles. According to the Act, data must be:

The eight guiding principles

© Boardworks Ltd 20106 of 15

Recap

© Boardworks Ltd 20107 of 15

Sensitive data

© Boardworks Ltd 20108 of 15

Subjects and users

© Boardworks Ltd 20109 of 15

Who keeps and provides data?

© Boardworks Ltd 201010 of 15

what data they want to store

what they want to use it for

how long they will keep it

who they might pass it on to.

Data users must register with the Data Protection Commission. The Information Commissioner’s Office is responsible for regulating the Data Protection Act.

They must also agree to follow the eight Data Protection Principles.

Responsibilities of data users

Data users must specify:

© Boardworks Ltd 201011 of 15

Rights of data subjects

© Boardworks Ltd 201012 of 15

national security – you cannot demand to see your data if national security is at stake

police investigations – information being used to prevent crime is not covered (though police records are)

examination results – these are exempt until they are published by the examining bodies.

There are a few cases when the Data Protection Act does not apply. These are called exemptions to the act.

Exemptions to the act

Some examples include:

© Boardworks Ltd 201013 of 15

Breaking the act

© Boardworks Ltd 201014 of 17

Case study

In March 2007, the media reported that a number of high street banks had failed to comply with the Data Protection Act.

An investigation was carried out after complaints that banks had been dumping customers’ personal details in bins outside their premises. Details of a bank transfer for £500,000 were allegedly found outside a Nottingham branch of one bank.

The Information Commissioner’s Office found that 13 firms had breached the Data Protection Act. Following the investigation, the firms agreed to comply with the act in the future.

How would you react if this happened to your bank details?

© Boardworks Ltd 201015 of 15

Summary