1 Data Protection Act Privacy & Security in the Information Age April 26, 2013
2 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act Definitions Principles Rights Enforcement/ Supervision Exemptions / S DPA Issues: The Media; The Internet N a t i o n a l I n f o r m a t i o n T e c h n o kenne l o g y A g e n c y ( N I T A )
3 Privacy in The Information Age Today, we leave an electronic trail from: Surfing the Internet & mobile phones Bank cash points & credit cards Supermarket loyalty cards Not to mention: CCTVs in city centres (with face recognition) Speed cameras (number plate recognition) Banks, employers, govt, and credit agencies
4 The Right to Privacy Do we / should we have a right to privacy? We all have personal details which we would generally expect to be kept confidential Examples: Financial (bank details), professional (salary), tax status, credit status, health status, sexual preference, criminal record, political affiliation etc Often, employers and govt agencies need to know some of this information, BUT: Until recently, Ghanaians had no legal right to privacy
5 Why we need Legislation Modern technology means: Data can be retrieved & processed quickly Data is easily copied & sent over networks Errors are easily replicated but hard to fix The consequences of misuse or even simple mistakes can be severe: You could be refused credit or employment You could be misrepresented (defamation) You could wrongly accused of crime/fraud, etc.
6 The Purpose of the Act Balances an individual s right to privacy against an organisation s need to use data relating to the individual for the purposes of their business this includes where that purpose is research Defines a series of rules to follow when managing personal data which include some exemptions especially for the use of data when conducting research. Sets out levels of punishments that can be handed out to organisations and individuals who fail to stay within the rules.
7 The Data Protection Act Definitions Principles Rights Enforcement DPA Issues: The Media; The Internet
8 Definitions Data: Information which is recorded as part of a relevant filing system Personal Data: Data relating to a living, identifiable person Relevant Filing System: Such technology that specific information on a particular individual is readily accessible
9 Definitions Cont. Data Subject: Individual who is the subject of personal data Data Controller (individual or undertaking): Determines the purposes for which and the manner in which any personal data are, or are to be, processed Data Processor: Any person who processes the data on behalf of the data controller
10 Definitions Cont. Personal data is defined as: Data relating to a living individual who (a) can be identified from those data, or (b) can be identified from those data and other information held by the data controller, including any expressions of opinion about that individual
11 Definitions Cont. Sensitive Data is defined as data relating to: Racial or ethnic origin Political opinions, or religious or other similar beliefs Trade union membership Status of physical or mental health Sexual life Criminal record and court case appearances Processing sensitive data requires special conditions to be satisfied under the Act
12 Principles The data controller has a statutory duty to ensure that personal data are: 1. Processed fairly and lawfully, plus schedules 2 & 3 2. Processed only for specified and lawful purpose(s) 3. Adequate, relevant and not excessive 4. Accurate and kept up-to-date 5. Not kept longer than necessary 6. Respectful of data subjects rights 7. Kept secure by technical/organisational means 8. Transfers outside Ghana
13 Principles 1 Fair and Legal Processing 1. Obtaining Data identify the Data Controller state a clear purpose why it is required what is involved in participation data uses primary research, storing, processing, re-use, sharing, archiving, publishing, strategies to ensure confidentiality of data where this is relevant anonymisation etc 2. Legitimate Processing data Subject must give consent processing is in legitimate interests of Data Controller 3. Processing of Sensitive Data Informed Consent
14 Principles 2 Processed only for specified and lawful purpose(s) Personal data shall be obtained only for specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes However, researchers may be provided with an exemption. They may not need to further consent from the individual if: it was not initially anticipated that the data would be used for research purposes, and it is deemed as not practical to retrospectively inform the individuals, and From a Other perspective that he use of the data has been approved by the ethics committee
15 Principles 3 Adequate, relevant and not excessive Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed this means that researchers are only allowed to obtain the information required to complete the task at hand. there should be no stock piling of information you think might be useful later on this is different to finding a new use for information already held if there is a valid reason for asking someone their ethnicity it is permitted, if it does not contribute to the research - it should not be asked. If the information is collected for research it should not be used for any other purpose
16 Principles 4 Accurate and kept up-to-date Personal data shall be accurate, and where necessary, kept up to date researchers have a duty to ensure that the information they collect is accurate they are not required to keep the information up to date unless it is absolutely necessary for ongoing research For example, where you will go back to the subjects again where the research is based around a snap shot in time, there is no need to go back and update it
17 Principles 5 Retention and Disposal /Not kept longer than necessary Personal data shall not be kept for longer than is necessary, for the purposes for which it is being processed Records should be retained as evidence of the project How it was managed - controlled The procedures followed The data collected Standard University Retention periods are available External funded research may be subject to their own retention periods check them Make sure you specify the correct retention period when you seek consent- holding it for longer than permitted would be a breach!
18 Principles 6 Respectful of data subjects rights Personal data shall be processed in accordance with the rights of data subjects under this Act This means that you cannot do things that violate the rights given to data subjects, especially denying access They have the right to object to processing which may cause unwarranted damage or distress They have the right to withdraw consent Right to ask the Information Commissioner to assess an organisation s processing for compliance Possible Compensation or fines
19 Principles 7 Kept secure by technical/organisational means Appropriate security measures shall be taken against the unauthorised or unlawful processing, accidental loss, destruction, or damage of personal data Store personal data on a secure server not hard drives Make use of central filing Avoid duplication as much as possible Restrict access on the basis of authority levels Use strong password protected documents and screensavers Change passwords at regular intervals Do not use global passwords Keep paper records under lock and key
20 Security Determine what is appropriate having regard to - the nature of the personal data to be protected the resulting harm which might arise from a breach state of the art & implementation cost the effectiveness of existing measures reliability of staff (e.g. appropriate training for all staff)
21 Risk Is there proof that all reasonable steps have been taken to comply with DPA s security duties? Are security standards for industry or sector being met? Is there a security policy? Is there a business continuity plan to cover inability to process data in an emergency? Does management take security seriously? Are the service provider s staff adequately trained in respect of data protection requirements? Have they been security vetted?
22 Risk What contractual security obligations have you imposed upon the service provider? Is there a duty upon the service provider to report data security breaches? What powers do you have to audit the service provider to ensure that they are complying with their data protection obligations? What are the known risks for the kind of processing undertaken? Are data transferred securely? Is encryption used when data are processed on mobile devices?
23 Principles 8 Data transfers outside of Ghana Personal data shall not be transferred to a country or territory outside Ghana unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
24 Rights Individuals have the following rights under the DPA: 1. Subject access 2. Object to processing in certain circumstances 3. Object to direct marketing (promotion of aims & ideals is marketing) 4. Automated decisions 5. Ask court to order compensation for damage caused by controller s breach of principles 6. Ask court to order correction of inaccurate data Controller liable under 6 th Principle for 1-4 above
25 Enforcement If the Information Commissioner finds that the DPA has been breached by a DC, he/she serves an enforcement notice on the DC The notice identifies the breach or omission, and specifies how to correct it Failure to comply is an offence However, a DC may appeal to the DP tribunal With the approval of the Director of Public Prosecutions, legal proceedings may follow, which could result in a fine
26 Exemptions Certain agencies or types of data are exempt from the DPA National Security Tax/revenue gathering agencies Judicial appointments & honours Corporate finance / negotiations Legal/professional privilege (doctor/patient) Human embryos/ IVF/adoption
27 Supervision Data Controllers must apply for registration on the Data Protection Register DPR is overseen by the Information Commissioner On registration (notification), DCs must provide details of the data to be stored and its use, and the measures to be taken to comply with the Act (including data security and data transfer) Note: notification does not mean licensing DCs do not need to wait for approval from DPR Establishment of Data Protection Commission
28 DPA Issues: The Media The DPA has special provisions for journalism, and artistic or literary purposes Basically, journalists/authors may hold/use personal data for journalistic/artistic/literary purposes only if the data are necessary to reconcile the rights to privacy with the rules governing freedom of expression So, investigative journalists & political strategists or commentators are not treated as Data Controllers!!
29 The End Thank You! CONTACT : Ministry of Communications (MoC), Ghana
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
Rick Parsons Information Governance Officer County Hall 01865 323593 firstname.lastname@example.org 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
Data Security and Extranet Derek Crabtree Schools ICT Support Manager email@example.com Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
DATA PROTECTION MANUAL VERSION TABLE Version Date Published CO Circular 1 September 2008 3 July 2015 July 2015 2 CONTENTS Part A: General Guidance 1 Introduction to the Data Protection Act 1998 5 2 The
PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
Corporate Data Protection Policy September 2010 Records Management Policy RMP-09 GOLDEN RULE When you think about Data Protection remember that we are all data subjects. Think about how appropriately and
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
INFORMATION PRIVACY STATEMENT Victoria Police is bound by the Privacy and Data Protection Act 2014 in how it manages personal information. Victoria Police is committed to protecting the personal information
53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment
Data Protection Act 1998 Codes of Practice The Employment Practices Data Protection Code CONTENTS CONTENTS... 1 Who is the Code for?... 3 Why should you use it?... 3 Other parts of the Code... 3 Five sections...
1 LAWS OF MALAYSIA Act 709 PERSONAL DATA PROTECTION ACT 2010 2 Laws of Malaysia ACT 709 Date of Royal Assent...... 2 June 2010 Date of publication in the Gazette......... 10 June 2010 Publisher s Copyright
WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 firstname.lastname@example.org Graham Hann Partner +44 (0)20 7300 4839 email@example.com Chris Jeffery Partner +44
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
Data Protection Workshop: How the Law Affects You Practice Questions 1. Which of the following is not personal data covered by the Data Protection Act (pick one or more): A. Comments about an individual
Data protection Quick guide to the employment practices code Ideal for the small business Contents 3 Contents Section 1 About this guidance 4 Section 2 What is the Data Protection Act? 5 Section 3 Recruitment