Question:

If a company has your name & address, to comply with the data protection act,what can & cant they do with it?

by | earlier

If a company has my name and address etc. Please can you tell me what they are allowed to do with that information and what they are not allowed to do with the information. Who are they allowed to pass it onto and under what circumstances. Also, if they are found to be breaking the rules or the law even, what will happen to the individual and what will happen to the company itself if this was to occur? I would really appreciate someones help who knows or who has dealt with this situation. Thanking you in anticipation.

Tags:

Report

Answer The Question I've Same Question Too

Follow Question

2 ANSWERS

Sort By: Date | Rating

Plain-language summary of key principles

This section provides a quick overview of what the Key Principles of information-handling practice mean. The Key Principles themselves are discussed below in the context of their definition in law.

Data may only be used for the specific purposes for which it was collected.

Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.

Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).

Personal information may be kept for no longer than is necessary.

Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.

Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner.

Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).

Also subjects are allowed/have the right to make changes to wrong information

[edit] Personal data

The Data Protection Act covers any data which can be used to identify a living person. This includes names, birthday and anniversary dates, addresses, telephone numbers, Fax numbers, e-mail addresses etc. It only applies to that data which is held, or intended to be held, on computers ('equipment operating automatically in response to instructions given for that purpose'), or held in a 'relevant filing system'.

It should be noted that an ordinary paper diary can be classified as a 'relevant filing system' if it can be demonstrated that the diary is used to support commercial activities (eg, a Salesperson's diary).

[edit] Subject rights

The Data Protection Act creates rights for those who have their data stored, and responsibilities for those who store or collect personal data.

The person who has their data processed has the right to[4]

View the data an organisation holds on them, for a small fee, known as 'subject access'[5]

Request that incorrect information be corrected. If the company ignores the request, a court can order the data to be corrected or destroyed, and in some cases compensation can be awarded.[6]

Require that data is not used in a way which causes damage or distress.[7]

Require that their data is not used for direct marketing.[8]

[edit] Data protection principles

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-

at least one of the conditions in Schedule 2 is met, and

in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Personal data shall be accurate and, where necessary, kept up to date.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Personal data shall be processed in accordance with the rights of data subjects under this Act.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

[edit] Conditions relevant to the first principle

Personal data should only be processed fairly and lawfully. In order for data to be classed as 'fairly processed', at least one of these six conditions must be applicable to that data.

The data subject (the person whose data is stored) has consented ("given their permission") to the processing;

Processing is necessary for 'the performance of a contract (any processing not directly required to complete a contract would not be "fair");

Processing is required under a legal obligation (other than one stated in the contract);

Processing is necessary to protect the vital interests of the data
Report (0) (0) | earlier
hmmmm. iunno, but if they have ur imformation they can do anything they want with it but they arent allowed to. I think legally if they ever wanted to use ur information they would have to get ur permisson
Report (0) (0) | earlier