DATA PROTECTION: THE FIRST DECADE

Published date01 April 1994
DOIhttps://doi.org/10.1108/eb024822
Pages350-355
Date01 April 1994
AuthorJOHN LAMIDEY
DATA
PROTECTION: THE FIRST DECADE
Received (in revised form): 22nd August, 1994
JOHN
LAMIDEY
JOHN
LAMIDEY
WAS
FROM JUNE 1986
UNTIL JUNE
1991.
ASSISTANT
DATA PROTECTION REGISTRAR
WITH
PARTICULAR RESPONSIBILITIES FOR THE
HANDLING
OF COMPLAINTS FROM MEMBERS
OF
THE PUBLIC UNDER THE DATA
PROTECTION
ACT 1984, THE CONDUCT OF
DATA
PROTECTION INVESTIGATIONS AND THE
FORMULATION
OF DATA PROTECTION POLICY.
ABSTRACT
This
paper considers
the
effectiveness
of the
Data
Protection
Act since its launch in
1984.
The
National Audit Office prepared
a
report
in 1993,
which
was
critical
of the
Data Protection Registrar, its imple-
mentation
of
the
registration
and
the
eight
data
protection
principles
of
good
practice.
These
criticisms
are
discussed
here with
a view to improving the Registrar's
approach
to data
protection
law, and its
attitude to those who are required to
register
under the
Data Protection
Act.
Ten years ago this month, Parlia-
ment passed the Data Protection Act
1984.
It is an Act to regulate the use
of automatically processed informa-
tion relating to individuals and the
provision of services in respect of
such information. The Act allowed
the UK to ratify a Council of Europe
Convention for the Protection of
Individuals with Regard to Auto-
matic Processing of Personal Data.
The Convention has two objectives:
to protect individuals in circum-
stances where information about
them is processed automatically; and
to facilitate a common international
standard of protection so that the
free flow of information across inter-
national boundaries can proceed
properly. The Data Protection Act,
therefore, is not simply legislation
regulating the way in which informa-
tion about individuals is held and
used in computer systems, but is also
designed to facilitate the proper
sharing of such information. Indi-
viduals are protected by being
granted specific rights in the Act
enabling them to obtain a copy of
information held about them in
computer systems, to challenge that
information if it is wrong and, in
some circumstances, to obtain com-
pensation if they are damaged by
erroneous data.
The free exchange of computer-
ised personal information is not hin-
dered by the Act, but some proper
controls are placed upon it. There is
a publicly available register upon
which the majority of organisations
that hold information about people
in their computer systems must
350

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT