Current UK Legislation Regarding the Collection, Use and Storage of Data and Information

Question

Write a summary to demonstrate your understanding of the current UK legislation regarding the collection, use and storage of data and information. Describe the responsibilities this places on organisations and their employees to protect individuals and maintain the integrity of data. Use practical examples to show how the terms of the legislation apply to your business operations.

Answer

Humans appreciate their privacy and the protection of their personal sphere of life. However, recent advances in information technology – which allow for storing and processing large amount of data – pose a challenge for privacy as these technologies reduce the amount of control over personal data. Unauthorized access to personal data opens up the possibility of various negative consequences. To prevent such outcomes, almost all countries in the world have data protection laws in place. The government of UK has similarly promulgated a law called the Data Protection Act 1998. This law protects personal privacy and upholds individual rights (Legilation.gov.uk, 2016). The basic moral principle underlying the Data Protection Act is the requirement of informed consent for processing data by its subject (Stanford Encyclopaedia of Philosophy, 2014). This law requires that the purpose of processing personal information – that is, any data that is linked or can be linked to an individual - should be specified; its use should be limited; individuals should be notified of and allowed to remove any discrepancies; and that the holder of the data should be accountable to oversight authorities (Stanford Encyclopaedia of Philosophy, 2014). The Data Protection Act applies to anyone who handles or has access to personal information including organisations, businesses and governments. This law places responsibility on organisations and their employees to protect individuals and maintain the integrity of data by requiring them to follow eight principles/rules of ‘good information handling’. It requires them to: (1) use data fairly and lawfully; (2) for specific purposes; (3) only store relevant data; (4) accurately; (5) for a time period that is absolutely necessary; (6) use data in ways which protect individual rights; (7) keep it safe and secure; (8) and only transfer it to other countries that undertake similar data protection measures (PCS, 2016).

References

Legislation.gov.uk (2016). Data Proctection 1998. Available from http://www.legislation.gov.uk/ukpga/1998/29/contents (cited on 28th August, 2016). PCS (2016). Guide to Data Protection. Available from http://www.pcs.org.uk/en/resources/imembership/guide-to-data-protection.cfm (cited on 28th August, 2016). Stanford Encyclopaedia of Philosophy (2014). Privacy and Information Technology. Available from http://plato.stanford.edu/entries/it-privacy/ (cited on 28th August, 2016).