WHAT IS DATA
PROTECTION?
Data protection addresses the
safeguarding of the privacy rights of individuals in relation to the processing
of personal data. The Data Protection Acts 1988 and 2003 confer rights on
individuals as well as responsibilities on those persons processing personal
data.
E-vet web application user
organisations gathers and stores data about individuals. This is necessary for
the purposes of running the operations of the International youth exchange. For
the purpose of data protection, such organisations or individuals who control
the contents and use of personal data are known as DATA CONTROLLERS. The Data
Protection Acts 1988 and 2003 impose obligations on data controllers and give
rights to individuals relating to their personal data.
WHAT TYPES OF DATA ARE INCLUDED?
All personal information relating to
a living individual is included under the legislation. It covers data that is
held on computers as well as data that is held in manual files. It applies to
all the data that is held - for example it applies to data in emails and copy
letters as well as to data on Files etc.
WHAT ARE THE RESPONSIBILITIES?
Any organisation using e-vet that is
involved in the collection, storage or processing of such data has
responsibilities under the legislation.
Examples would include people
involved in the collection of data from people applying to do projects, those
involved in organisation of projects etc.
E-vet
application Responsibilities:
-
not to disclose it to others
-
to keep it safe and secure
-
to ensure secure acces to data
for organisation and individuals
E-vet
application user organisations Responsibilities:
-
to obtain and process information
fairly
-
to keep it only for explicit and
lawful purposes
-
not to disclose it to others
-
to keep it safe and secure
-
to keep it accurate, complete and
up-to-date
-
to ensure that it is adequate,
relevant and not excessive
-
to retain it for no longer than
is necessary for the explicit purpose
-
to give a copy of the data to an
individual, on request (such a request is known as an ACCESS REQUEST).
WHAT ARE YOUR
RIGHTS AS AN INDIVIDUAL?
-
to have your personal information
obtained and processed fairly, kept securely and not illegitimately
disclosed to others
-
to be informed, to know the
identity of the Data Controller and for what purpose they have the
information
-
to get a copy of the personal
information
-
to have your personal data
corrected or deleted if inaccurate
-
to prevent your personal
information from being used for certain purposes, for example you might want
your data blocked for research purposes where it is held for other purposes
-
to have your name removed from a
direct marketing list
-
to stop some specific uses of
your personal information
-
to Employment Rights, not to be
forced to disclose information to a prospective employer. No one can force
you to make an access request, or reveal the results of an access request,
as a condition of recruitment, employment or provision of a service. Where
vetting for employment purposes is necessary, this can be facilitated where
the individual gives consent to the data controller to release personal data
to a third party
-
to freedom from automated
decision making, to have human input in the making of important decisions
relating to you. Important decisions about you, for example, work
performance, creditworthiness, reliability may not be made solely by
automatic means e.g. by computer, unless you consent to this. In general
there has to be a human input in such decisions
-
to prevent your phone directory
details from being used for direct marketing purposes.
|