Case 1
Principles 3 and 4 relate to this scenario as the data must
be “adequate and relevant”. As can be seen from the situation, the credit
agency came back with the wrong information for James Wiggins due to their
being several on file. This is not relevant to the data subject as it is a
completely different person.
As well as that, there could be a case that being a cocaine
user is sensitive data and as can be seen from principle 1 of the act, the only
data that can be stored is of the insensitive type.
I would say that this is definitely against the Data
Protection Act as if they had not made a mistake and instead gave the correct
records to the company then he would have still had a job. This has mistake has
cost him gravely as a new job needs to be found by him.
Case 2
Principles 3 and 4 can be applied to case 2 as the contents
of the criminal records contains mistakes thus they would not be Personal data
must be adequate, relevant and not excessive,
they should also always be up to data and accurate. Accurate being the
key word here, as from the criminal records this is clearly not the case.
Principle 6 also plays a part as the user can pay to be allowed
to retrieve a copy of the data for a maximum price of £10. This has clearly been
applied properly so there is nothing wrong with this in the situation.
Asking for the records is not an offence and is allowed.
However that is not the main point here, this is that there are 85% of records
that could contain a single error, because of this people who do ask for their
details would have access to information that is outdated or even completely
wrong. This is what the data protection act has set up to prevent against.
Case 3
Principle 1 from the data protection act means that the user
can say whether they want the data to be stored or not, this relates to the
scenario due to the use of a tick box asking the user to opt out of the systems
database.
Principle 8 also can be applied here, as the transference of
this data means that it could be going anywhere, this includes overseas. The
receiving country would then need to have taken steps to have adequate level of
protection for the data.
I would say that this is against the Data Protection Act as
without the rights of the user, data cannot be transferred between companies,
however sending data between companies happens quite often as the user has to
sign a terms and conditions with the company, these end up being quite long and
thus they tend not to read them in detail. Companies can easily say that they
will be transferring data between companies in this statement and thus this is
why it does not go against the Data Protection Act.
Case 4
Due to this being a website, this data could be seen
worldwide of they have the servers in the locations, because of this principle
8 applies to this due to the company needing to have adequate level of
protection for the data in the transference and the recording of the data.
Principle 1 deals with the handling of the data and also
what the users intent is for wanting the data. The user is expected to “handle
people’s personal data only in ways they would reasonably expect”. You could
argue that putting the persons data up online for people to see is not how an
individual would want their data to be.
Principle 2 could also apply to this case as the data
obtained can only be used with one intention in mind. This means that putting
on to the internet for everyone to see would easily break this rule.
Principle 5 can also be applied due to the records being
kept for longer than they should be. This is a website and thus will most
likely be the case depending how long they have bought the domain for.
Principle 7 also works in this situation due to the company
having to take ‘Technical or organisational measures to prevent unauthorised or
unlawful processing of data and accidental loss damage or destruction of data’.
Due to the content being on a website, they cannot guarantee that the use of
this data will not be used for anything unlawful or unauthorised.
I would say that this scenario definitely goes against the
Data Protection Act as these websites could be accessed worldwide if they have
been put on servers, because of this information regarding anyone could be
accessed by anyone. This is extremely dangerous as can be seen from the
scenario, this data could also be used for advertising as well as the data is
public.
No comments:
Post a Comment