Data Protection Act 1998
The Data Protection Act (DPA) is a law designed to protect personal data stored on computers or in an organised paper filing system.1 There are eight principles of this Act, and these are:
used fairly and lawfully
used for limited, specifically stated purposes
used in a way that is adequate, relevant and not excessive
kept for no longer than is absolutely necessary
handled according to people’s data protection rights
kept safe and secure not transferred outside the UK without adequate protection 2
Customer details by law cannot be sold on.
Organisation must ensure employees keep data sensitive
Information should only be used asked for its relevant to the organisation
The effect this has on society is that businesses can be fined a large sum of money if this Act is broken, this means that the business has to ensure that customers data is stored in a safe manor. Once a business has had an ‘incident’ involving data protection then customers of a business can become less confident in using their services in worry. 6 August 2012 A monetary penalty of £175,000 was issued to Torbay Care Trust after sensitive personal information relating to 1,373 employees was published on the Trust’s website.
12 July 2012 A monetary penalty of £60,000 was issued to St George’s Healthcare NHS Trust after a vulnerable individual’s sensitive medical details were sent to the wrong address.
5 July 2012 A monetary penalty notice of £150,000 has been served to Welcome Financial Services Limited following a serious breach of the Data Protection Act. The breach led to the personal data of more than half a million customers being lost.
Please join StudyMode to read the full document