The UK Data Protection Act, enforced by the Information Commissioner’s Office (ICO), regulates the use of personal data available to commercial and non-commercial companies, as well as individuals. Such data might have been acquired for various reasons, and compliance with the Act is therefore expected. The ICO is a self-regulating authority created to support information rights for protecting personal privacy.
Basic Interpretative Provisions
The Data Protection Act defines “Data” as “information which—
(a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,
(b) is recorded with the intention that it should be processed by means of such equipment,
(c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system,
(d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as defined by section 68,
(e) is recorded information held by a public authority and does not fall within any of paragraphs (a) to (d)”.
The Data Protection Act further defines “Personal Data” as “data which relate to a living individual who can be identified—
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual”.
“Sensitive Personal Data” is further explained here:
According to The Data Protection Act, “Sensitive Personal Data” means personal data consisting of information as to—
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
The ICO has already levied penalties under the Data Protection Act for data breaches. The fine amount shows that the ICO is very serious about enforcing the Act. It continues to monitor violations and regulate the provisions of the Act across the entire UK. For that reason, if you are a UK-based organisation engaged in a service that warrants collection of information or data of various sorts, you need to pay special attention to compliance under the Act, so as to avoid penalties and legal suits. It must be noted that compliance with the Data Protection Act is not optional, but mandatory.