Data Protection Essay.
In this report I am going to explain data protection, talk about the data protection acts, rights and principles. I’m going to talk about a data controller and a data processor and what their responsibilities are. What personal and sensitive data are. What a data receiver is and what his rights are, what is involved in direct marketing and I will mention an example of abuse or corruption that occurred in Ireland. Data protection acts
Data protection is legal control over and access to use of data stored in computers.
The office of the data protection commissioner is responsible for upholding the privacy rights of individuals in relation to the processing of their personal data. The acts state the information must be accurate, only those who should have access to it do and it is only to be used for specified purposes. You have the right to access your own information and correct wrong data or even erase it.
Moran (2014) states that “you can have data without information, but you cannot have information without data”. Rights and principles
There are 8 principles of data protection
1. It must be collected and fairly used
2. It must only be held and used for the reasons given to the information commissioner
3. It can only be used for registered purposes and showed to those mentioned in the register entry
4. You must only have the details you need for the job you are doing
5. It must be accurate and kept up to date
6. Cannot be kept longer than necessary for the registered purpose
7. Information must be kept safe and secure, must be backed up and kept away from unauthorised access
8. Files must not be transferred outside of the EU. Unless the country it is being sent to has a suitable data protection law. Data controller
Data controller is a person who controls the contents and use of personal data. “Those who, either alone or with others control the contents and use of personal data. Data controllers can be either legal entities such as companies, Government departments or voluntary organisations, or they can be individuals such as G.P’s, pharmacists or sole traders” (the office of the data protection commissioner (2014). The responsibilities of a data controller
1. Obtain and process the information fairly
2. Keep it only for one or more specified and lawful purposes
3. Process it only in ways compatible with the purposes for which it was given to you initially
4. Keep it safe and secure
5 .Keep it accurate and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it no longer than is necessary for the specified purpose or purposes
8. Give a copy of his/her personal data to any individual, on request Data processor
Data processor is a person who processes personal data on behalf of a data controller but does not include an employee of a data controller who processes such data in the course of his employment. The office of the data protection commissioner (2014) states that “ the data processor is distinct from the data controller for whom they are processing the personal data…someone who is contracted to provide a particular data processing service (e.g. a tax advisor) would be a data processor”. Personal data
The office of the data protection commissioner (2014) states that “”personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller”. Sensitive data
Sensitive data is someone private information which may be related to their gender, age, race, marital status or sexual preference etc. The office of the data protection commissioner states that “relates to specific categories of data which are defined as data relating to a person’s racial origin; political opinions or religious or other beliefs; physical or mental health; sexual life; criminal convictions or the alleged commission of an offence; trade union membership. You have additional rights in relation to the processing of any such data”. Data receiver (controller)
The data receiver is the data controller he/she is the person who receives the data Direct Marketing
Direct marketing is giving individuals information about products and services, is it completely legal providing it respects the individual’s right to privacy. The office of the data protection commissioner states that “The basic rule that applies to direct marketing is that you need the consent of the individual to use their personal data for direct marketing purposes. As a minimum, an individual must be given a right to refuse such use of their personal data both at the time the data is collected (an “opt-out”) and, in the case of direct marketing by electronic means, on every subsequent marketing message. The “opt-out” right must be free of charge”. Abuse and Corruption in Ireland
May 2010: Captain Evan Cullen versus Michael O’Leary:
Ryanair CEO Michael O’Leary apologised for wrongly describing a trade union official as a “failed Aer Lingus pilot” during RTE’s Prime Time in September 2006. The apology formed part of a settlement of a High Court action against him by Irish Air Line Pilots Association (IALPA) president, Captain Evan Cullen. Mr O’Leary also agreed to make a contribution to two charities by Mr Cullen as part of the settlement. In taking his defamation case Mr Cullen claimed the “failed pilot” had caused damage to his reputation both in his community and among his work colleagues. Mr Cullen said the remarks had caused “considerable upset to both himself and his family”, but that he was pleased his “good name and reputation as a pilot” has been fully vindicated.
In this report I have explained data protection, talked about the data protection acts, rights and principles. I’ve talked about a data controller and a data processor and what their responsibilities are, What personal and sensitive data are. What a data receiver is and what his rights are, what is involved in direct marketing and I have mentioned an example of abuse or corruption that occurred in Ireland.
Kosta, E. (2013) Consent in European Data Law, Leiden: Nijhoff. Moran, D. (2014) “Brainy Quotes” [Online], available:
http://www.brainyquote.com/quotes/keywords/data.html [accessed 28th November 2014] Office of the data protection commissioner (2014) “A guide for data Controllers” [Online], available: http://www.dataprotection.ie/docs/A-Guide-for-Data-Contollers/696.htm [accessed 28th November 2014] Defamation Ireland (2014) “Defamation cases in Ireland” [Online], available:http://www.defamationireland.com/defamation-cases-in-ireland/ [accessed 28th November 2014]