The United Kingdom Data Protection Act

"GT Datamaker is installed inside a major UK government department that cannot afford to be seen to flout the data protection laws. If you have similar concerns, you should contact Grid-Tools to find out more"

Bloor (Independent IT research analyst)

Sensitive data protection and data security

Data protection is a growing issue. With more and more information being stored and transferred digitally, there is strong concern amongst the general public regarding the privacy of their personal details. The remit of the ICO is developing rapidly, and it has new powers to check and fine from April 2010. All modern organisations handle and manage information, including personal data, as part of their business, and therefore data protection is just as much of an issue in the private sector as in the public sector. A major bank was recently fined £3 million for losing confidential data. Such losses must be identified and learned from: both actual problems and near misses.

There is an argument for data sharing across departmental boundaries, providing more effective, personalised services, and producing greater efficiency. The government wants public authorities to share more data, yet sharing can lead to data mishandling or losses. People have a right to expect that their public services achieve and maintain high standards. Therefore, in order to gain public trust, the scope for error or malicious action must be minimised.

The Data Protection Act (DPA) is a United Kingdom Act of Parliament. It defines a legal basis for the handling, in the UK, of information relating to living people.  It is the main piece of legislation that governs protection of personal data in the UK.  Although the Act does not mention privacy, in practice it provides a way in which individuals can enforce the control of information about themselves. Most of the Act does not apply to domestic use, for example, keeping a personal address book.  Organisations in the UK are legally obliged to comply with this Act, subject to some exemptions.  Compliance with the Act is enforced by an independent government authority, the Information Commissioner's Office (ICO). The ICO maintains guidance relating to the Act.

Data privacy is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal issues surrounding them.

Privacy concerns exist wherever personally identifiable information is collected and stored - in digital form or otherwise. Improper or non-existent disclosure control can be the root cause of privacy issues. Data privacy issues can arise in response to information from a wide range of sources, such as:

  • Healthcare records
  • Criminal justice investigations and proceedings
  • Financial institutions and transactions
  • Biological traits, such as genetic material
  • Residence and geographic records
  • Ethnicity

The challenge in data privacy is to share data while protecting personally identifiable information.  The fields of data security and information security design and utilize software, hardware and human resources to address this issue.

Grid-Tools – targeting sensitive data records

Grid-Tools staff are highly educated on data protection legislation in the UK, as well as other international laws targeting the protection of sensitive data records. Our team is able to advise you on best practice methods for assuring compliant test data. It is no longer acceptable to use copies of production in testing and development across your organization. Current data protection legislation dictates that companies should be ensuring both the accuracy and security of their customers’ personal data. Breaching a principle of the Data Protection Act is a criminal offence and there is a growing movement to punish both the company and the individual ‘officers of the company’ responsible for negligence. Ensuring data protection in your testing and development environment has never been so important for a company’s personnel. Adopting the Grid-Tools best practice approach will help ensure compliance.