
Talk:Data Protection Act 1998

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by (talk) at 14:14, 11 September 2007 (dpa is good). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


Hi there, can I ask what you think would be the better one of the principles on the article or the one that I wrote?


  • Data must not be acquired and processed unless there is a lawful reason not to do so.
  • Data must be processed within the rights of the person applying the data.
  • Data must only be used for specific lawful purposes.
  • Personal data must be accurate and up-to-date.
  • Provision must be made for the correction of data held.
  • Suitable measures should be taken to ensure the safety of personal data.
  • Data should be the minimum required for the purpose and should not be kept any longer than required.
  • Data should not be transferred to countries outside the European Economic Area.


Personal data must be:

  1. Processed fairly and lawfully.
  2. Obtained for specified and lawful purposes.
  3. Adequate, relevant and not excessive.
  4. Accurate and up to date.
  5. Not kept any longer than necessary.
  6. Processed in accordance with the "data subject's" (the individual's) rights.
  7. Reasonably securely kept.
  8. Not transferred to any other country without adequate protection in situ.

according to the page history, this was posted by User: at 08:52, 15 September 2005.


I have two points about this -
a) Neither of these lists of Principles accurately reflects the Principles in the 1998 Act, and at worst both are misleading. They should be copied verbatim from the Act.
b) This page is about the Data Protection Act 1984, and should really be changed to reflect that law. For future reference, and to show the difference, here are the Principles from the 1984 Act-
1. The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully.
2. Personal data shall be held only for one or more specified and lawful purposes.
3. Personal data held for any purpose or purposes shall not be used or disclosed in any manner incompatible with that purpose or those purposes.
4. Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes.
5. Personal data shall be accurate and, where necessary, kept up to date.
6. Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7. An individual shall be entitled-
(a) at reasonable intervals and without undue delay or expense-
(i) to be informed by any data user whether he holds personal data of which that individual is the subject; and
(ii) to access to any such data held by a data user; and
(b) where appropriate, to have such data corrected or erased.
8. Appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction of personal data.
zzuuzz (talk) 14:17, 15 September 2005 (UTC)[reply]


I once or twice heard that a change in the law was in the works to ban the opt-out boxes on application forms, requiring them to be opt-in boxes instead. Does anyone know what's happened to this law?

And I still can't understand why, when the electoral registers finally stopped being a total violation of the current DPA, they didn't make the edited register opt-in from the start. -- Smjg 12:11, 3 October 2005 (UTC)[reply]

As far as I am aware this was never going to be law. There is guidance from the [Direct Marketing Association] about this, and also from the [Office of the Information Commissioner] - check the document library. It is still OK to have "opt-out" check boxes, but the wording of the question must be made very clear.


This article is really about the Data Protection Act (in general) not just the 1984 version (eg, the 1998 version redirects here). Should it be renamed, or is the naming convention to always include a year? --h2g2bob 20:48, 8 October 2006 (UTC)[reply]

Since the 1984 act has been repealed, perhaps the article should be Data Protection Act 1998 ? -- Beardo 22:51, 10 October 2006 (UTC)[reply]

Moved to Data Protection Act. —Centrxtalk • 05:58, 15 October 2006 (UTC)[reply]


I am going to remove the stupid comments put on by IP addresses and —The preceding unsigned comment was added by Wakimakirolls (talkcontribs) .

EDIT: Can we have a lock on this page? This page keeps getting vandalised. Or at least ban the IP—The preceding unsigned comment was added by Wakimakirolls (talkcontribs) .

Hi. This page is always being vandalised, but not really much more than any other page here. Certainly not enough to warrant protection. It is on quite a few editors' watchlists and is usually quickly reverted. Offenders are usually warned, and if they continue they get blocked. -- zzuuzz (talk) 10:40, 9 November 2006 (UTC)[reply]

isp data

Any info on what effect this act has on ISPs releasing IP addresses of customers to cops?—The preceding unsigned comment was added by (talkcontribs) .

Data processed for the prevention or detection of crime are largely exempt from the restrictions on sharing contained in Principle 1 which normally require the individual's permission. See section 29. This allows, but does not compel the ISP to disclose the info. There is another exemption in section 35 which allows disclosure in the case of legal proceedings [1]. -- zzuuzz (talk) 05:07, 19 November 2006 (UTC)[reply]


Zomg! J00 Pr073c75 my p34r50n4l d474!!!11111 —The preceding unsigned comment was added by Me (talk) 11:35, 7 December 2006 (UTC).[reply]

When does it apply?

Say you want to set up an online company where you need to store people's addresses (not their credit card details) so you can send them their items that they purchased. Would that company have to register or can they simply ask the customer that it's ok to store their address details and then store their details securely?—The preceding unsigned comment was added by (talkcontribs).

From your example above, I would say that you would have to register. If you are not sure, then go to the Information Commissioner's web site and use their on-line checking tool that asks questions as to how you will use the data and then recommends whether or not you need to register. If you are a data controller (in the meaning of the Data Protection Act 1998) then you will need to be registered.—The preceding unsigned comment was added by Howarthss (talkcontribs).

Exemptions from registration are governed by Statutory Instrument - The Data Protection (Notification and Notification Fees) Regulations 2000 (as later amended). The three main exemptions from registration are: Staff administration; Advertising, marketing and public relations; and Accounts and records. These are called the 'core business purposes' and cover a lot of small businesses. -- zzuuzz(talk) 13:39, 14 March 2007 (UTC)[reply]
However it is important to treat each decision to register on its own merits as the Statutory Instrument mentioned above caveats a number of points that restrict the use of the information collected. I always recommend that businesses register, even if it is voluntary, as the decision processes about data use are much more involved if registration is not in place. You will find that 99 times out of 100, the ICO self-check will recommend that registration is probably necessary. —The preceding unsigned comment was added by Howarthss (talkcontribs) 11:30, 15 March 2007 (UTC).[reply]

Bias re 192.com

I removed the following from the end of the first section of the article. A Wikipedia article is not the place to make this kind of complaint, and this tone is inappropriate.

i.e. you can use a telephone 'Directory Enquiry' type service to request an individual's home telephone number, which they will readily give but they will refuse to confirm the individual's address or postcode. Then on the other hand companies such as http://www.192.com are displaying and selling personal information. The Act states that the detail holder i.e. YOU, has the right for the information to be removed however such companies such as 192, have stated that you don't have the right to ask them to remove it. In this situation you will need to send a complaint to the ICO. 192 hides behind a form they have created to get the information removed however an email to them asking them to remove your details should be ok under the act for them to act however they and other companies like them once you fill this form in or send emails to them still don't remove your details.

- Lee Stanley 23:00, 29 March 2007 (UTC)[reply]

Why does 8 principles have a list of 9?

Why does the eight principles of the data protection act have 9 items on the list? 14:21, 16 April 2007 (UTC)[reply]

The ninth principle was added only hours ago, and I have removed it. There are only eight. There is no separate Principle that data must be obtained in a lawful manner, only that it must be processed lawfully (Principle 1), and for lawful purposes (Principle 2). -- zzuuzz(talk) 14:42, 16 April 2007 (UTC)[reply]


The second (Staffordshire University DPA FAQ) and third (DPA contents page on OPSI site) citations don't seem to support the points they are making.
Think we should remove them?
--CaNNoNFoDDa 21:54, 6 September 2007 (UTC)[reply]

The second citation does say "this all seems quite complicated", but this is not the same as a reputation for complexity. The Act does however have a reputation for being confusing and misunderstood. Some more appropriate phrase and citation should be found for it (the ICO has previously said as much, for example). That the 1984 Act was repealed by the 1998 Act is also true, but there is probably a better citation than the legislation itself (a direct link can be found here). -- zzuuzz (talk) 16:20, 8 September 2007 (UTC)[reply]

Cool, I'll swap that link over. Thanks. —Preceding unsigned comment added by CaNNoNFoDDa (talkcontribs) 19:13, 8 September 2007 (UTC)[reply]

please can someone tell me if dpa is a good thing

—Preceding unsigned comment added by (talk) 12:37, 8 September 2007 (UTC)[reply]

Compared to nothing, maybe. Compared to something better, possibly not. -- zzuuzz (talk) 13:09, 8 September 2007 (UTC)[reply]

dpa is good

the data protection act is good because it stops people getting your personal information BOFF!!! HAHA! just cause you got blocked.