The Data Protection Act is a 1998 United Kingdom Act of Parliament that makes the United Kingdom compliant with the EU Data Protection Directive, which was passed in 1995. It’s a very large and complex act that has unfortunately confused some people; however, it has eight principles, which are rather simple to understand.
The first Data Protection Act principle is that “Personal data shall be processed fairly and lawfully”*. To clarify that, it states that “fairly and lawfully” more specifically means meeting the following two principles.
The second Data Protection Act principle is that data can only be collected for specific, lawful purposes and cannot be used for anything that is contradictory to that purpose. The third principle is related: the data collected must be relevant to the original purpose and no more or less ought to be taken.
Data Protection Act principle four is that data must be accurate and up to date. Principle five is that the personal data must be deleted after the initial purpose is complete. The sixth states that data collection must account for all of the rights in the Data Protection Act.
Principle seven makes entities accountable for data loss by mandating that they have security protocols in place on any device that has personal data on it. And principle eight declares that no data should be transferred to a country “unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.”*
There are some exceptions to this act. The most notable is that the rights of the individual can be superseded if it is a matter of national security. Likewise, data collected in order to prevent or stop crime is exempt from the Data Protection Act. But there are also certain exceptions for handling your own personal data because it is assumed that you will adopt the level of data protection that you already feel most secure with.
While the Data Protection Act has been in effect, however, there have been major technological advances. For instance, the Internet has become an everyday phenomenon and many companies collect extensive personal data and make individual profiles about each person. With that and the horizon of amazing technological advances ahead of us, many people feel that this act no longer goes far enough. However, the outdated Data Protection Act will be replaced by the larger scale EU Data Protection reforms that should be finalized by 2014 and mandated by 2016.