The Data Protection Act (UK – 1998, Malta – 2001):
The DPA concerns the “collection, recording, organization, storage, adaptation, alteration, retrieval, gathering, use, disclosure, blocking, erasure or destruction of personal data”.
The purpose of the Data Protection Act:
a. The purpose of the DPA is to protect living individuals against the misuse of their personal data. Examples of such misuse include exposing personal data without obtaining prior permission from the data subject, holding incorrect and possibly damaging personal information, and unauthorised alteration of personal data.
b. A secondary objective for the introduction of the DPA was to reduce public concern over the level of confidentiality of their data held by various organisations.
Personal Data & Sensitive Personal Data:
The Act defines Personal Data as any information relating to a natural person who is identified or identifiable, whether directly (such as through an ID number) or indirectly. “Data Subjects” are the natural persons (i.e. not companies) to whom the personal data relates.
The Act also distinguishes Sensitive Personal Data, which is personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health or sex life. Such data is subject to stricter rules.
The 8 Principles of the Data Protection Act which Data Users must comply with:
1. Fair and Lawful Processing:
Personal Data shall be processed fairly and lawfully, as long as the data subject has given his/her permission for the use of the data and he/she has been informed of any other organisations which will use the information and the purpose of such use. In the special case of Sensitive Personal Data, the general rule is that this type of personal data cannot be processed, but the law provides for a number of exceptions, such as:
* Clear permission by data