eking into the data banks
Page 27
If you've noticed an error in this article please click here to report it so we can fix it.
There's so much happening in the business world that it's a good idea for hauliers to step back now and again, and take a cool
look at relevant issues in depth. Thanks to our colleagues at Tolley Publishing, we do just that every month with this bulletin. We feel the title says It all... • The Data Protection Act is designed to protect "living and identifiable persons "from the misuse or unauthorised disclosure of any information about them—and from r March z000, when the 1998 act supersedes the 1984 act, all data will be covered; not just electronic files as is currently the case. A transitional period will help firms to prepare for the regulations.
Fleet operators and owner-drivers who hold personal data on file such as employee, job-applicant and customer names and information, fall within scope of the act. Exemptions apply when information is held: • By people for their own family or domestic purposes; • For historical or statistical research; • In some cases relating to journalism, art and literature; • For the purposes of national security.
But as far as hauliers are concerned, if customer addresses on file include a contact name (eg the managing director) then the data falls within the scope of the act.
The act defines "data" as information: • Being processed by automatic equipment; • Recorded to be processed; • Recorded as part of a filing system; • Relating to some health records. "Processing" means obtaining, recording or holding data, including its: • Organisation, adaptation or alteration; • Retrieval, consultation or use; • Disclosure by transmission, dissemination or otherwise; • Alignment, combination, blocking, erasure or destruction.
Special rules apply to "sensitive" data such as racial origin.
REGISTRATION Any firm or individual holding personal data must register with the Data Protection Commissioner.
Registration packs are available from Crown post offices or from the Data Protection Office at Springfield House, Water Lane, Wilmslow, Cheshire SK9 5AX; phone, 01625 545745 (automated answering ser vice). Or contact http: //www.open.gov.uk/dpr/dprhome. hi. There is a registration fee of £75 every three years.
It is a criminal offence (punishable by a fine of up to £5,000) for an unregistered person to hold or dis close personal data about any person and no processing of data should take place until you have registered under the act and an entry has been made in the Data Protection Register.
It is the responsibility of data controllers to operate within the terms of their register entries. They can be held liable to pay compensation for damage or "associated distress" suffered as a result of holding or disclosing inaccurate personal data.
On registration a data controller must notify the Data Protection Commissioner of: • The name and address of their principal place of business or registered office; • The details of any nominated representative, where this differs from the company's registered office; • A description of the personal data, and the category or categories of data; • A description of the purpose or purposes for which the data is to be used; • A description of recipients; • The countries outside the European Economic Area to which the controller will directly/indirectly transfer data.
It is illegal for a registered data user to: • Hold personal data other than that specified in the Data Protection Register; • Hold or use any such data for any purpose other than those in their entry; • Obtain data from any source which is not described in the register entry; • Disclose the data which he holds to any person who is not in the register entry; • Directly/indirectly transfer data to any country or territory outside the European Economic Area which does not have similar data protection laws.
The "data protection principles" state registered data users must ensure data is: • Processed fairly and lawfully; • Used for specified and lawful purposes; • Adequate, relevant and not excessive; • Accurate and up-to-date; • Not kept longer than necessary; • Processed in accordance with the act; • protected against unauthorised or unlawful processing and against accidental loss, destruction and damage; • Not transferred outside the EEA unless there is an adequate level of protection.
• by David Lowe