n 6 May 2015, a 92 year-old charity worker from Bristol committed suicide. As part of the evidence given at her inquest it was revealed that she was receiving up to 180 requests a month for donations to other charities. 99 charities had her personal contact details (including that she was already donating to other charities), and those 99 charities gained her contact details from some 22 ‘professional data-brokers’, or other charities.
Whilst the inquest decided that the charity requests were not a cause of her death, it highlighted the ‘trade’ in personal information that happens between organisations. Whilst is not illegal to share/trade personal data, the UK Data Protection Act 1998 states that people who give their personal data to organisations must also consent to that data being shared/sold.
‘Personal data’ under the UK Data Protection Act 1998 (DPA) relates to personally identifiable information, such as a name, date of birth, physical address, email address, telephone, National Insurance or NHS number, or even an IP address.
The DPA applies to all records systems, whether manual (such as a written journal or card index) or computerised such as a Customer Relationship Management (CRM) system, which is linked to the till on the checkout when the customer is asked for their details for the guarantee, etc. However, under the DPA the personal data remain the property of the person that has given it to you (and your organisation), and at any time they can ask it to be deleted from the records system, unless there are legal, health or national security reasons for retaining it.
Personal data is a very valuable commodity that can be (and is) bought and sold by organisations (and even governments), because when freely given by the person concerned it is likely to be highly accurate and current. This therefore offers the opportunity for very highly targeted (and therefore effective) marketing – why do you think Google, Facebook and Twitter are so big?
In summary, there are eight principles in the UK DPA:
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
As part of their training, all employees handling personal data should be advised of all of these principles, their responsibilities, and also their duties regarding that data.
Like a cashier in a bank handling money on behalf of the customer, the money is not the property of the cashier, they are just trusted with it, on behalf of the customer, to make the best use of it for the customer.
Breaches of the DPA in the UK to date have resulted in a range of fines (some of which have put the relevant companies out of business), but the Information Commissioner’s Office (ICO) is starting to ‘up its game’ and are naming and shaming directors of those companies. It is only a matter of time before the liability for breach of the DPA moves down to the individual employee.
The UK is leading the way in data protection
Data protection legislation was not brought in because the UK parliament didn’t have enough to do, or because it was obliged to do it by the EU.
The UK has been the leading ‘driver’ across the world in Data Protection.
Principally because the UK has recognised that the abuses of personal information have led to, in addition to the ‘relatively mild’ acts of requesting money, identity theft and fraud, and have also helped in acts of terrorism. It is important.
An absence of Data Protection legislation, and more importantly adherence to it, affects everyone. Let’s go and paraphrase the title, “Why as an employee do you need to understand about Data Protection?” Because your next conversation with a salesperson, either face to face or online, means you are giving them, and their organisation(s) further down the line, access to all your personal details forever.
Get a FREE Course
Sign up to our newsletter and get access to the Interview Skills and CV Writing Certificate course for free!
Simply enter your details below and we will email you access to your free course!
What our students say about us...
Lovely course for people who want to know the basics and of sign language. It's has helped me to get more of an understanding and will greatly benefit me in my workplace. So easy to pick up and the videos were easy to understand. Would definitely recommend to anyone.
This course is a great way to brush up on my rusty excel skills, I recommend this course to anyone looking for something to do during lockdown, it's easy to use and talks you through each stage step by step. It has given me the confidence I need to further my career.
It was an eye opening course that was flexible and easy to access. I was able to complete it from the comfort of my own home whilst also having the tasks to complete which enabled me to check my knowledge. I know feel much more confident in my field of work and really enjoyed doing it.
Fantastic course! Well-presented and challenging with frequent assessments. I feel a serious sense of accomplishment having not studied for over 30 years! Videos that accompany each module are carefully thought out and informative. Am so impressed with this course, have now signed up for 3 other courses and recommending New Skills Academy to everyone!
Very interesting and helpful course. I ve learned a lot of interesting things about make up and the tutorials were very helpful and easy to understand. I really reccomend this course for everyone who is passionate about make up and wish to develop their skills and make a career from their hobby.
I found this course incredibly useful, as it provided me with practical knowledge which I can implement in my role as a Support Worker. The videos were clear and concise, and the downloadable worksheets reinforced what I had learned as I was able to put pen to paper. Overall, a fantastic course for a great price! I am looking forward to taking on my next one.
Wow what an incredible insight for the start of anyone's journey in property. This course gives you so much information and there are tests and questions on each of the modules. The course is very easy to follow and well laid out. You can actually make notes on the pages of each module using the notes tab! I am very excited to say that I passed and I only spent one week on this course. I will print all the PDF information and keep it in a file with my certificate. I feel very confident for my future plans now I have completed this course.
This is a great course for any level of knowledge. Very easy to navigate, great practical tasks and explanations are very clear. You can revise any module with no problem. The test wasn’t too hard if you completed every module. It may be handy to make some notes before you start. Overall I'm very happy with my choice. Thank you New skills for my New skills :)