The ICO announced in March of 2020 that they levied a fine of the DPA 1998’s maximum fine of £500,000 against international airline Cathay Pacific for failing to protect the security of its customers’ personal data. Case Study: Cathay Pacific Airways Limited A data breach is the unlawful or accidental destruction, loss, unauthorised disclosure, alteration of, or access to, personal data. Though there is a controller/processer distinction, a single party can fulfil both roles.įinally, ‘ data breach’ is a vital term to define as its impact, and repercussions can be especially devastating. As a ‘competent authority’ who alone or jointly determines the means and purpose of the processing. The corresponding term to ‘data processor’ is ‘ data controller’. Next, ‘ data processor’ refers to the party responsible for performing ‘processing’ (operations) upon personal data or data sets, which can be performed either manually or with an automated system. Secondly, ‘ data subject’ defines the individual to which personal data refers. Within this legislation and all equivalents across Europe, the following terms are used similarly as to allow convergence and compliance.įirstly, ‘ personal data’, as one of the most frequently used and fundamental terms in data protection legislation refers to ‘any piece of information related to an identified, or potentially identifiable individual’. ![]() To better understand what the purpose of the Data Protection Act is, there are some important terms that likely require a little further explanation. With the introduction of the Data Protection Act and GDPR, the role, scope and prominence of the Information Commissioner has grown significantly, dealing with many high-profile cases and handing out headline news fines to offending organisations. “The previous Data Protection Act, passed a generation ago, failed to account for today’s internet and digital technologies, social media and big data.” The UK’s Information Commissioner, Elizabeth Denham stated at the time of its introduction that the Data Protection Act 2018 would make the UK one of the “world’s most progressive data protection regimes”. The Information Commissioner’s Office was founded in 1984 and now acts as the independent official responsible for upholding information rights in the public interest, promoting data privacy for individuals and openness in public bodies. With this key principle, the responsibility to handle personal data appropriately and lawfully is placed directly upon organisations, whilst also obliging these entities to be able to demonstrate their continued compliance. Principle 7 of the Data Protection Act 2018, ‘Accountability’, is perhaps the most significant addition to the holistic approach now taken. Not deviating greatly from the 7 principles that exist as part of the Data Protection Act 2018, the DPA 1998, though reasonable for the time, failed to address the increased necessity for data protection present almost two decades on. “The legislation requires increased transparency and accountability from organisations, and stronger rules to protect against theft and loss of data with serious sanctions and fines for those that deliberately or negligently misuse data”ĬBE Elizabeth Denham, UK Information Commissionerīefore the updated legislation in 2018, the Data Protection Act 1998 contained 8 principles of data protection. The DPA does so by, firstly, firmly establishing the rights of individuals, and secondly, placing well defined responsibilities upon organisations handling personal data, and guidelines for practices. ![]() There are several purposes of the Data Protection Act, though the legislation is largely designed to protect individuals from having their personal information misused, exploited or mishandled. What is the Purpose of the Data Protection Act? The DPA came as a result of several years of development and stands as the United Kingdom’s adoption of the European Union’s General Data Protection Regulation (GDPR) a Europe-wide piece of legislation addressing two decades of technological development. ![]() What is the Purpose of the Data Protection Act? The Data Protection Act (DPA) came into effect in April of 2016 and became enforceable on May 25th two years later. Purpose of the Data Protection Act Principles, Rights and Personal Data
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |