E2E Passport

News 
Home | Contact | Resources | News | Updates | Answers | Overview | Training | Tools | Livewire   
© 1999-2006 MITAC Partnership Ltd   

Data Protection

Freedom of InfoProviders often ask questions about the implications of the Data Protection Act on their use of Passport Online. This short article examines the main sections and points to further sources of information.

The Data Protection Act 1998 came into force in March 2000, replacing the Data Protection Act 1984. It sets out a clear regime for processing personal information, applying to paper records as well as those held on computer

In a nutshell, the Act gives private individuals greater control over how their personal information is gathered, used, housed and shared, while requiring those who record and use personal information (data controllers) to be open about how they use this information and to adhere to key data protection principles.

The Data Protection Act is based on the fundamental Right of Privacy, as provided for in the European Convention on Human Rights. The recently enacted Human Rights Act 1998 implements the Convention into United Kingdom domestic law. Under that Convention "everyone has the right to respect for his private and family life, his home and his correspondence."

Here are some key terms.
  • Personal data is any information that relates to an individual who can be identified from the data held
  • Data processing includes for example collecting, recording or holding the data, or carrying out any operation(s) on it.
  • A filing system covers any paper-based collection of data about individual subjects or any computer-based system for storing the same kind of information electronically.
  • The data controller is the person or organisation has developed the filing system and who is ultimately responsible for its security and maintenance. Providers of such systems must be registered with the Data Protection Commissioner.

There are eight Data Protection Principles with which data controllers are required to comply. Non-compliance is not a criminal offence but, if the Commissioner considers that one or more of the principles has been, or is being, breached, enforcement action can be taken. Failure to comply can then become a criminal offence.

The eight data protection principles state that data must be:
  • fairly and lawfully processed
  • processed for limited purposes
  • adequate, relevant and not excessive
  • accurate
  • not kept for longer than is necessary
  • processed in line with the data subject’s rights
  • secure
  • not transferred to countries outside the EU without adequate protection.

Sensitive data (eg sexual health, ethnicity, criminal records) can only be processed with the explicit consent of the data subject or if required by law for employment purposes.

MITAC Partnership's Data Protection Policy can be found at the foot of this page.

September (2005) Archives

Displayed here is the news archives for September 2005. To see the complete list of news articles click the link below

Back To News
 

News Archives

No news archives.
 
  Text-Only | Accessibility | Copyright | Data Protection | Disclaimer | Site Map | CSS | XHTML | PIPEX Server Status