Personal data must be:
1. Processed fairly and lawfully.
2. Processed only for one or more specified and lawful purposes.
3. Adequate, relevant and not excessive for those purposes.
4. Accurate and kept up to date - data subjects have the right to have inaccurate personal data corrected or destroyed if the personal information is inaccurate as to any matter of fact.
5. Kept for no longer than is necessary for the purposes it is being processed.
6. Processed in line with the rights of individuals - this includes the right to be informed of all the information held about them, to prevent processing of their personal information for marketing purposes, and to compensation if they can prove they have been damaged by a data controller's non-compliance with the Act.
7. Secured against accidental loss, destruction or damage and against unauthorised or unlawful processing - this applies to you even if your business uses a third party to process personal information on your behalf.
8. Not transferred to countries outside the European Economic Area - the EU plus Norway, Iceland and Liechtenstein - that do not have adequate protection for individuals' personal information, unless a condition from Schedule four of the Act can be met.
Within the Data Protection Act, the people the data is about are called data subjects.
- Data subjects have a number of rights. These include the right to:
  - See data held on them on request.
  - Alter inaccurate or incorrect data.
  - Sue if data is wrong and the mistake causes harm to them.
- Data is collected by data controllers. A person called the data commissioner exists to help make sure the Act is followed.
- Data is collected by data collectors.
Computer Misuse Act
Aimed at reducing hacking and the threat from viruses, there are 3 main offences covered by the Act:
Unauthorised access to computer material (hacking). This includes copying software illegally (called software