DATA PROTECTION ACT 1998 (DPA)

Data Protection Act 1998 (DPA)

Data Protection Act 1998 (DPA)

Introduction

The issue of personal data protection has grown in importance with the ever more ubiquitous role of the computer in modern society. While the unfettered collection and use of manually stored personal data by government and commercial organizations also held risks for the privacy of the individual, the use of computerized records allows the creation, combination, and analysis of personal data in ways that would previously have been uneconomical or simply unfeasible. Thus, the informational privacy of the individual is at risk more than ever before, and the potential consequences of abuse of that privacy have become ever more critical. The national data protection laws of the 1970s and 1980s have proven inadequate to deal with the challenges posed by technological developments in the 1990s, (Singer, Müller, 2002, pp.169-70)and, with the increasing globalization of commerce, there is increasing need for an international consensus on future approaches. This paper discusses if the Data Protection Act 1998 represents a positive step in the control of private security and protection of individual's rights, or it negatively limits and obstructs the operations of security professionals seeking to protect the interests of their clients or not.

The European Union (EU) has taken a proactive regulatory approach with strict rules on the collection, use, and transfer of personal data enshrined in the Data Protection Directive. Member States of the EU had to implement the Directive by October 1998, and the UK has implemented it with a root and branch overhaul of its existing data protection legislation, in the form of the Data Protection Act 1998. The Data Protection Directive has a strong extra-territorial element, however, and has not been met with unanimous support outside the EU. A particular opponent has been the United States, which, while willing to impose legal constraints on the use of personal data by government, is currently disinclined to impose similar restrictions on UK. commercial interests. The personal data privacy approaches of the EU, UK, and United States all demonstrate different priorities and influences, which suggest that true consensus may still be some way off. (Singleton, 1998, pp.34-36)

 

Data Protection Act 1998

The Data Protection Act 1998 is based on a European Directive which requires member states 'to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data'. I am pleased that many organisations increasingly see the need to follow proper information handling procedures as a key requirement of their business activity and it is my view that where businesses and organisations build in compliance with the rules designed to ensure respect for that privacy, they will not be taking on an undue burden. The 1998 Act places a number of new responsibilities on businesses and organisations (Strobl, Cave, Walley, 2000, pp.890-892)of all types and sizes in the way they collect, hold and process personal data. When processing becomes fully subject to the requirements of the 1998 Act, Data Controllers will be faced with a number of new judgments to make, which I appreciate may raise some ...