Activity 17 (self-assessment) Data Protection Act (DPA)
The ICO produces lots of guidance on how the DPA should be interpreted in different situations. Follow the links below to a selection of these guidance documents and read the advice given. Once you are happy that you have understood the guidelines, consider each scenario and write a couple of sentences in response, as directed.
Scenario 1
You attend a school production and take some photographs of the children on stage. The school’s head teacher hears that you have some good photographs and contacts you to ask if they can be used on the school website. Flattered by the request, you supply three photos, which are uploaded to the website along with details of the budding performers.
Explain whether or not you have complied with the Data Protection Act.
As long as the children and/or their parents/guardians have given their permission then this would not be covered by the act, if the permission has not been sought then this would affect the act.
Scenario 2
Your mother is taken into hospital and will have to stay for several days. When you go to visit, you ask her if there is anything you can do to help. She is concerned about paying her credit card bill and asks you to contact the bank to find out what her outstanding balance is. At the end of visiting hours you leave, taking her credit card details with you. You phone the helpline number, explain the situation and request her balance.
Explain whether, within the rules of the DPA, the bank can tell you her balance.
Under the data protection act the bank would not be allowed to tell your her balance even if you have all the necessary information for them, as you could have got the information fraudulently.
Scenario 3
You work for an organisation that holds personal information about children. You have a work deadline approaching, so you decide to copy some data onto a memory stick. You will not be sharing the data with anyone else – it is for your personal use so that you can complete your work at home.
Explain whether putting this data on your memory stick complies with the DPA.
Under the DPA you if you copy information that contains personal details onto a memory stick, the DPA requires that data to still be secure, so you should password protect the files just in case you lose it. as soon as you have finished with the data, it should be destroyed immediately.
Scenario 4
You are helping a friend to sort out the estate of a recently deceased relative. One of the tasks you have taken on is to arrange cancellation of the deceased’s mobile phone contract. You contact the phone company, only to be told that they are unable to discuss customer accounts with anyone other than the customer unless previously authorised. You explain that the customer is unable to give authorisation, but they continue to state that they are unable to discuss the matter with you.
According to the DPA, is the phone company correct to withhold the information?
If the person is deceased, the DPA does not come into effect in this case and the information can be released, however the phone company will need proof that the person in question is in fact deceased. they will need a death certificate or something like that for them to release the information. If they release the information without making sure that the person in question is in fact dead, they would then be in breach of the DPA.