Why is data protection important?
The DPA
The Data Protection Act doesn't guarantee personal privacy at all costs, but aims to strike a balance between the rights of individuals and the sometimes competing interests of those with legitimate reasons for using personal information. It applies to some paper records as well as computer records.
This short checklist will help you comply with the Data Protection Act. Being able to answer 'yes' to every question does not guarantee compliance, and you may need more advice in particular areas, but it should mean that you are heading in the right direction.
- Do I really need this information about an individual? Do I know what I'm going to use it for?
- Do the people whose information I hold know that I've got it, and are they likely to understand what it will be used for?
- If I'm asked to pass on personal information, would the people about whom I hold information expect me to do this?
- Am I satisfied the information is being held securely, whether it's on paper or on computer? And what about my website? Is it secure?
- Is access to personal information limited to those with a strict need to know?
- Am I sure the personal information is accurate and up to date?
- Do I delete or destroy personal information as soon as I have no more need for it?
- Have I trained my staff in their duties and responsibilities under the Data Protection Act, and are they putting them into practice?
- Do I need to notify the Information Commissioner and, if so, is my notification up to date?
