) One piece of legislation that governs the management
and handling of information could be found in the data protection act 1998.
This act states that with a few exceptions, organisations who hold or control
personal data on computer must register with the Data Protection Commissioner –
registration is normally for 3 years and a standard fee is charged to cover
this period. If this is not abided by then the organisation could be fined. Once registered data controllers must comply
with eight data protection principles of good information handling.
data should be processed fairly and lawfully – the data subject must have given
consent or the processing of the data must be necessary, for example for the
completion of a legal contract. There
are further specific safeguards for the processing of sensitive personal data,
e.g. ethnic origin, political opinions, religious beliefs, etc.
should be obtained for a specific purpose, and not then used for another
completely different purpose.
information held should only be what is sufficient for the purposes for which
it is held – no more than is required.
held should be kept accurate and up to date.
should not be held longer than is necessary.
• The data
controller must not contravene the rights of the person whose data is being
stored, e.g. the data subject can prevent processing likely to cause damage or
• The data
controller must provide adequate security provisions and check the reliability
of staff who have access to personal data.
cannot be transferred outside the European Union area to any other country that
does not have similar levels of data protection
Implications that this act has can be that care should be
taken to ensure that data is collected fairly and used only for the purpose for
which it was gathered. Also, Systems should be set in place to ensure that all
data is checked for accuracy periodically (often in documentation sent to data
subjects, they are requested to inform the data controller of any change of
details such as change of address, etc.).