The purpose of the Act is to protect the rights of the individual about whom data is obtained, stored, processed or supplied rather than those of the people or organisations who control and use personal data. The Act applies to both computerised and paper records.
The Act requires that appropriate security measures will be taken against unauthorised access to, or alteration, disclosure or destruction of personal data and against accidental loss or destruction of personal data.
The 1998 Act applies to:
The Act is based on eight principles stating that data must be:
Employees can also be prosecuted for unlawful action under the legislation. Fines of up to £5000 could result if you use or disclose information about other people without their consent or proper authorisation. You could even be committing an offence if you give information to another employee or student who does not need the details to carry out their legitimate duties. You should take particular care when using the Internet, e-mail and the internal network. Special care must be taken with sensitive data such as ethnic origins, religious/political beliefs, health data, disabilities, details of offences or alleged offences, sexual life or trade union membership.
All staff and students have a duty to observe the Principles of the Act. Individuals who do not handle data as part of their normal work have a responsibility to ensure that any personal data they see or hear goes no further. This includes personal data and information extracted from such data, thus, for example, unauthorised disclosure of data might occur by passing information over the telephone, communicating information contained on a computer print-out or even inadvertently by reading a computer screen.