is4profit small business Free Small Business Information and Small Business Advice
Small Business Ad
Home Business Advice Business Law Your Firm and the Data Protection Act
Wednesday, 20 August 2008
Main Menu
Home
Business Advice
Business Courses
Business Directory
Find an IFA
Mobile Broadband
Mobile Phone Guide
Personal Finance
Phone Legal Advice
Products & Services
Small Business News
Trade Associations
Hot Links
Win learndirect courses worth over £200
Release the Potential of your Workforce
The fastest, most reliable mobile broadband for business from Vodafone
Guide to Energy Performance Certificates for Buildings
Business Vehicles
Search Engine Marketing
Government Grants
Your Firm and the Data Protection Act -
Article Index
Your Firm and the Data Protection Act
Notification
Data Obligations for All Firms
Recruitment Data
Monitoring Employees
Employment Records
CCTV
Page 3 of 7

Your Firm and the Data Protection Act

2. Data Obligations for All Firms

Small Business Ad

Whether or not you must notify, you are legally obliged to observe data protection principles.

2.1 You must process only as much information as you need.

  • You must identify the minimum amount of information you need.
  • You must need it for a specific purpose, which must be lawful.
  • There are extra restrictions on the use of particularly sensitive data.

2.2 When you use information about an individual, whether they are an employee or a customer, you must make sure that they are properly informed of what you intend to do with their information.

  • You should ensure that they are aware of who you are, what information you hold and why, and any other information (such as third parties you intend to pass the information to) which may make your use of personal information fair.

2.3 The information you hold must be accurate and up to date.

  • You need to be able to prove you have taken 'reasonable steps' to ensure the accuracy of the information you hold.
  • If anyone complains about the accuracy of the information you hold on them, you must be prepared to investigate and to amend it or at least note their complaint on file.

2.4 The information you hold must be kept securely.

  • You (and your staff) may not pass on information to third parties without just cause.
  • You can use external data processors (for example, payroll bureaux), but you must have a written guarantee they will keep your information secure.
  • You must ensure that any information you keep on the premises is safe.
  • You must have an arrangement for deleting information on old disks or tapes and for securely disposing of paper records about people.
  • If you are going to send information abroad, you must ensure the country has adequate data-protection laws. Call 08456 30 60 60 for advice. Alternatively you must get consent from the individual in question or ensure the organisation you are sending the data to has acceptable security arrangements.

2.5 The information you hold must be deleted as soon as you have no reason to keep it.

  • You need a very good reason to hold on to information beyond its immediate use. For example, you might want to hold information on potential recruits in case one of the unsuccessful ones tries to sue you for discrimination.

2.6 You must observe the subject's rights.

  • These include the right to see all the information you hold on them.
  • They have to ask in writing, provide evidence of identity, and pay any fee you request up to £10.
  • You have 40 days to comply.
  • You need not comply if their name is only mentioned peripherally. The courts have pointed out that the Act exists to allow individuals to check whether their privacy is being infringed. It is not an 'automatic key' to any information on matters in which he or she might be involved.
  • You can sometimes withhold the information if a third party is involved.
  • Individuals can ask for corrections: you must investigate and at least make sure the request is on file.
  • Individuals can instruct you not to use their personal data for direct marketing.
  • If an individual believes their personal data is not being processed according to the data protection principles, they can ask the Information Commissioner to assess the business concerned. You could be subject to an enforcement notice requiring you to change the way you process data. Failure to comply with such a notice is a criminal offence and could lead to a possibly unlimited fine.
  • You could be sued by anyone who suffers damage because of what you have done.
BHP Infosolutions

 
< Prev