Data Protection Act 1998 - Basis for the security of information
The Data Protection Act 1998 is the main act that outlines the basis for the security of information in the UK. It gives individuals the right to access their personal data. This data consists of information kept by a company about an individual. A company takes an individual's personal data when he or she purchases a good or service from it. The data consists of information such as bank details and contact details.
The Data Protection Act mainly includes eight key points.
1 – Fair and lawful processing of information: This means a company should not take any personal data from an individual without his permission.
2 – Purposeful information collection only: This means that information taken by the company should be used only for the particular purpose it was taken for.
3 – Information collected must not be excessive: This means only the details required to complete the transaction should be taken from the individual, and not any extra information.
4 – Information should be up to date: Data controllers should make sure that the information they take is accurate. This is because the information taken is mostly very delicate, and if it is inaccurate the customer can be misrepresented.
5 – Information should be kept for a particular time period only: The Data Protection Act clearly states that an organization should only hold the data for a particular time period.
6 – Information processing should be according to the customer’s rights
The customer’s rights that this point includes are:
A right to access the information they have given;
A right to object to the processing of their information;
A right to stop marketing of given information;
A right to rectify any inaccuracy in the given information;
A right to claim compensation if the act is breached.
7 – Information should be secure: An organization keeping a customer’s information should keep it very safe and secure. Data exposure is the major breach faced by organizations. An organization should never be careless with regard to the information it holds.
8 – Information can never be given to any other company outside the European economic zone. It is only allowed when the organization outside Europe has the same data protection act.
In other words – keep your customers informed. Don’t store their data in grey areas without their specific consent.