Information Security: Data Protection Act
The Data Protection Act 1984 was passed in response to public concern about information held on computer systems. It protected privacy and ensured information was accurate and used properly. The Data Protection Act 1998 (DPA) replaced the Data Protection Act 1984 to meet the EU Data Protection Directive and sets the new rules for processing personal information. The DPA applies to some manual (paper) records as well as those held on computers.
The DPA applies to ‘personal data’ in respect of ‘living’ individuals. That is, data (information) about identifiable living individuals (data subjects). Those who decide how and why personal data are processed (Data Controllers) must comply with the rules of good information handling, known as the data protection principles and other requirements of the DPA.
Information held within Shared Workspace is covered by the DPA.
HMRC Business Authorising Officers are responsible for handling any issues raised, or requests made, by the Data Controller under the DPA about information within SharedWorkspace.
More information about the DPA can be found at the Central Policy Information, Policy & Disclosure site.