1. Handling Personal Data
Handling Data:
Organizations and Data Handling
Handling Personal Data

2. It’s the law Transcript:
Customer: I would like to apply for a credit card.
Clerk: I will first process the information on your application form.
Customer: That’s fine.
Clerk: Oh dear, I’m afraid your application has been declined.
Customer: Why?
Clerk: According to the credit reference records you have not paid previous credit card companies.
Customer: That cannot be me! This is my first credit card!
Clerk: I’m afraid I cannot change the data. However, if you write to this address you can find out more details… and have the records changed if you can prove they are wrong.
“The data was not updated. It is showing the details of previous residents at that address”.

3. Transcript:
Police Officer: Is this your car?
Driver: Yes.
Police Officer: Can I see your driving license?
Driver: Sure.
Police Officer: You will have to accompany me to the station.
Driver: Pardon?
Police Officer: I have just run a check on this car and it was reported stolen yesterday!
Driver: But it’s my car!
“Wrong license number entered into the computer”.

4. Transcript:
Customer: I would like to withdraw some money.
Bank clerk: Can I have your details please?
Customer: Here’s the book with details of my account.
Bank clerk: I’m sorry sir, I cannot give you any money.
Customer: Why?
Bank clerk: According to my records you are dead!
“What went wrong there?”

5. To try and minimize situations like those on the previous slides, the Data Protection Act was passed in 1984 and revised in 1998.
This law covers the use of data on living individuals that is stored on a computer.
Data users (organizations) who keep such data must register with the Data Protection Registrar.
They must give details of:
the type of personal data that is going to be held
how the data will be obtained
who the data will be passed on to
whether the data is being transferred to other countries
why they need to use the data.

6. The Data Protection Act says data must be:
acquired lawfully
used for the purpose that it was acquired
relevant: only the data needed should be collected
accurate and up-to-date
kept only until needed
accessible to the individual and, where necessary, be able to have data corrected or removed
be kept in a secure place to avoid loss or damage
transferred to other organizations only with the consent of the individual (the data subject).

7. accidental loss of data
Watch out!
Beware of:
hackers
accidental loss of data
viruses.

10. Steps to protect data To protect against malicious acts:
use passwords to protect files; change passwords regularly
encrypt data before sending it through a network
use a firewall and up-to-date virus scanning software
use an activity log to track use
give people different levels of access as required
make files read-only to avoid deletion
keep computers in locked rooms.

11. To protect against viruses:
scan all incoming s
ensure that virus software is always up-to-date
do not open suspicious s.
To protect against accidental loss and damage:
always keep a back-up of all data
keep the back-up copy away from the computer
do not remove the back-up disk until the back-up is completed and the disk light switched off.

12. Summary
The Data Protection Act was set up in 1984 and revised in 1998.
It only covers data about living individuals.
It only covers data stored on a computer.
Data users (organizations) that hold such data must register with the Data Protection Registrar.
There are eight different principles that make up the Data Protection Act.
Data can be lost because of a number of reasons; a virus, hackers, or through accidental damage of files.
There are a number of steps that can be taken to avoid loss of data.
What can I remember?
The End