Data Protection & Compliance in Context
Data Protection and Compliance in Context provides a comprehensive tool to guide individuals through the jungle of data protection legislation that influences our daily business and personal lives. Data protection law covers the processing of information relating to individuals: something we all do. Every business and every person with a PC comes under the Data Protection Act 1998, an Act that has already had a massive effect upon our business and private lives. The concept of data processing is extremely wide, covering every conceivable thing that can be done on or towards personal data: from its initial collection right through to its final deletion, including its organization, alteration, use and disclosure. The main aim of data protection legislation is to achieve a balance between the interests of the individual and the power of the information age, in order to give individuals control over the 'data image' held about them. But many of the law's requirements conflict with the natural uses of IT. Data Protection and Compliance in Context enables the safe navigation of this difficult area. It approaches data protection from three angles: the context in which data protection should be viewed, the content of data protection laws, and data protection from the compliance perspective. In addition to key elements of the Data Protection Act (DPA), the influence of other supporting pieces of legislation is explained. It provides practical guidance on how managers and companies should go about the business of protecting data privacy against the wider backdrop of the DPA, human rights laws and freedom of information legislation. The compliance section is unique, providing data controllers (anyone responsible for the keeping and use of personal information on computer) with a platform for building internal compliance strategies. Importantly, it shows data controllers how they can realize a compliance strategy whilst rejecting the checklist approach that can ultimately lead the data controller into potentially costly dead ends.
A practical book for those without any qualifications or specialist knowledge of law, Data Protection and Compliance in Context is a trustworthy and accessible guide to data protection law, ideal for IT professionals, data protection officers, and small businesses.
Contents:
Chapter 1 - Introduction to data protection
  Data protection in the UK - the Data Protection Act 1998
  Overview and history of data protection laws
  Key aspects within data protection laws
  Key words and phrases - data, personal data and processing
  The DPA - important miscellany

Chapter 2 - Transparency
  Consensual processing (including the first data protection principle)
  Fair processing (the first data protection principle)
  Processing for specified purposes
  Notification
  The right of access to personal data
  Information notices
  Part IV exemptions

Chapter 3 - General rules on lawfulness
  The 8 data protection principles
  Schedule 2 conditions (for personal data and sensitive personal data)
  Schedule 3 conditions (for sensitive personal data)
  The Data Protection (Processing of Sensitive Personal Data) Order 2000
  The Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) Order 2002
  Part IV exemptions

Chapter 4 - The right to object
  Substantial and unwarranted damage or distress
  Direct marketing
  Automated decision taking
  Exempt manual data
  The right to object and the sixth data protection principle

Chapter 5 - Transborder data flows
  Third countries and adequate protection
  Derogations and binding corporate rules
  Derogations and contractual clauses
  Transborder data flows and the Data Protection Act

Chapter 6 - Privacy and electronic communications
  The Directive on Privacy and Electronic Communications
  UK implementation of DPEC
  Regulation of Investigatory Powers Act 2000
  Anti-terrorism, Crime & Security Act 2001
  Reconciling RIPA and ATCSA

Chapter 7 - Enforcing data protection laws
  Enforcement by the data subject
  Enforcement by the data controller
  Enforcement by the European Commission
  Enforcement by the Information Commissioner
  Criminal proceedings

Chapter 8 - Compliance
  Prioritisation of action
  Stage 1 - gathering information about data
  Stage 2 - lawfulness and the criterion for legitimacy
  Stage 3 - implementing compliance mechanisms