6.2.1

Data Protection Act (1998)

Test yourself

Data Protection Act (1998)

As the quantity of sensitive data stored about users increases, it is important that legislation is in place to protect it.

Illustrative background for Purpose of the DPAIllustrative background for Purpose of the DPA ?? "content

Purpose of the DPA

  • The DPA was first published in 1998.
  • It determines what organisations can do with the personal data that they have collected.
  • The DPA also defines the rights of the individual over the data that is stored about them.
  • In 2018, the DPA was strengthened by the introduction of a new act called General Data Protection Regulation (GDPR).
Illustrative background for Principles of the DPAIllustrative background for Principles of the DPA ?? "content

Principles of the DPA

  • There are eight principles (rules) in the DPA.
  • The first four rules are:
    • Data must be used and processed in a fair and lawful way.
    • Data must only be used for the stated purpose.
    • Data must be adequate, relevant and not excessive for the specified use.
    • Data must be accurate and kept up-to-date.
Illustrative background for Principles of the DPAIllustrative background for Principles of the DPA ?? "content

Principles of the DPA

  • There are eight principles (rules) in the DPA.
  • The second four rules are:
    • Data should not be kept longer than necessary.
    • Data should only be used according to the rights of the data subject.
    • Data should be kept safe and secure.
    • Data must not be transferred to organisations within other countries that do not offer a similar level of protection.
Illustrative background for The Data Protection Act 2018Illustrative background for The Data Protection Act 2018 ?? "content

The Data Protection Act 2018

  • The Data Protection Act 2018 is an updated data protection law, that brings the EU GDPR to UK law.
  • The Data Protection Act 1998 formed the origins of the GDPR law, but each act has its differences.
    • The 'right to erasure' in each act is different - there are more exemptions in the 2018 version.
  • The Data Protection Act 2018 requires companies to run a GDPR audit.

Computer Misuse Act (1990)

The Computer Misuse Act (1990) was introduced to protect against hacking and cybercrime. It consists of three offences:

Illustrative background for Unauthorised accessIllustrative background for Unauthorised access ?? "content

Unauthorised access

  • It is illegal to attempt to access a computer or its contents without authorisation.
Illustrative background for Unauthorised access with intentIllustrative background for Unauthorised access with intent ?? "content

Unauthorised access with intent

  • It is illegal to attempt to access a network or device with the intent of committing further criminal activity.
Illustrative background for Unauthorised modificationIllustrative background for Unauthorised modification ?? "content

Unauthorised modification

  • It is illegal to intend to modify or destroy a computer system, software or data without authorisation.
  • For example, this makes creating, obtaining or deploying malware a criminal offence.

Freedom of Information Act (2000)

The freedom of information (FOI) act regards how data is kept within public bodies.

Illustrative background for What is a public body?Illustrative background for What is a public body? ?? "content

What is a public body?

  • A public body is an organisation that provides a public service.
  • Public bodies include:
    • Hospitals.
    • Schools.
    • Police forces.
    • Armed forces.
    • Government.
Illustrative background for What is the FOI act?Illustrative background for What is the FOI act? ?? "content

What is the FOI act?

  • The FOI act states that public bodies must regularly publish certain information.
  • It also gives members of the public the right to request information that is held by public bodies.
Illustrative background for What can be requested?Illustrative background for What can be requested? ?? "content

What can be requested?

  • Members of the public can request:
    • CCTV footage.
    • Statistics.
    • Financial information.
    • Activity logs.
  • The public body does not need to release the information if releasing the information would cause harm to an individual or endanger national security.

Jump to other topics

1Computational Thinking & Algorithms

2Programming

3Hardware & Software

4Data

5The Internet

6Online Safety & Security

Go student ad image

Unlock your full potential with GoStudent tutoring

  • Affordable 1:1 tutoring from the comfort of your home

  • Tutors are matched to your specific learning needs

  • 30+ school subjects covered

Book a free trial lesson