Book contents
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
5 - The data protection principles
Published online by Cambridge University Press: 09 June 2018
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
Summary
Introduction
The eight data protection principles form the backbone of the legislation and when discussing data protection issues it is often necessary to keep referring back to them and establishing the appropriate principle to apply. They are all listed in Schedule 1 to the Act but frequent reference to the main sections of the Act is needed for clarification. They are also shown in Appendix 1 of this book.
Section 4 of the Data Protection Act states that
References in this Act to the data protection principles are to the principles set out in Part 1 of Schedule 1.
The principles as listed in the Schedule are:
1. Personal Data shall be processed fairly and lawfully and, in particular, shall not be processed unless:-
a) at least one of the conditions at Schedule 2 is met, and
b) in the case of sensitive data, at least one of the conditions at Schedule 3 is also met.
2. Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in a manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are provided.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes.
6. Personal data shall be processed in accordance with the rights of the data subject.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. (DPA 1998, Schedule 1)
It is possible that more than one principle may apply to any set of personal data and therefore the principles are not mutually exclusive. In this chapter we will look at each of these principles in some reasonable depth and see how they can be applied in practice.
- Type
- Chapter
- Information
- Information Rights in PracticeThe non-legal professional's guide, pp. 29 - 44Publisher: FacetPrint publication year: 2008