Data Protection Act. You have the right!

By: Paul Malone

Computers bring great benefits to society and individuals. But as often occurs, where there is a benefit, there is often a downside. Data stored about individuals can cause problems for the following reasons:

* Information may be wrong or out of date.
* Information may be given to someone, who is not entitled to it.
* Individuals may find their details on a junk mailing lists which they themselves have not requested

The Data Protection Act 1988 was introduced to deal with these issues and protects the individual by providing the following rights:

Right to Access

You have the right to be given a copy of any information kept on computer about you. You can request this information from any organisation that has personal information on you, e.g. your doctor, your bank or any government department.

Right of Rectification or Erasure

If you find that information kept about you is inaccurate, you have the right to have that information corrected. In some cases you might have the right to have this information erased if it is deemed irrelevant or excessive for the holder's needs.
Right to have your name removed from direct marketing list

If an organisation has information on you for the purpose of direct marketing (e.g. telephone marketing or direct junk mailing), you have the right to have your details removed from the database. Once you have made a written request to an organisation to remove your details from their list, they are obliged to reply to you within 40 days confirming that they have satisfied your request.

Right to complain to the Data Protection Commissioner

In the case that an organisation has not satisfied your requests in regard to the above rights, you additionally have the right to complain to the Data Protection Commissioner, who will investigate the matter for you.

Right to seek compensation through the courts

In the event that you have suffered damages through the mishandling of information about you on computer, you have the right to seek compensation through the courts. Section 7 of the Act ensures that organisations holding information about individuals owe those individuals a duty of care.

In addition to the rights of the individual outlined above, organisations storing such information have an obligation to ensure the following:

* Personal information must be obtained openly and fairly.
* Information must only be used in ways compatible with the purpose for which it was obtained originally.
* The information must be secured against unauthorised access.
* Information must be accurate and kept up to date.
* Information must not be disclosed to third parties for use that is incompatible with the purpose for which it was obtained originally.
* Information must not be retained longer than is necessary for the purpose it was obtained.

The Data Protection Commissioner maintains a website which contains more detail about the Act and includes sample letters which you can use to exercise your rights of access. The URL is http://www.dataprivacy.ie/