|
|||||
 |
|||||
            
|
 |
Data protectionIf you are a journalist, or work in advertising, are involved in selling subscriptions or work in a personnel department the new data protection legislation, which came into force on 1 March 2000 brings fundamental changes. Perhaps even more importantly it increases the responsibilities of anyone who works with sensitive information. The penalties for not meeting the requirements of the act can mean an unlimited fine or compensation for anyone damaged. Anyone who possesses a list or database of individuals' details must register as a 'data controller' with the Data Protection Registry. A data controller already has a number of rights and responsibilities under the current 1984 Data Protection Act. The new 1998 act changes these. Permission Under the old 1984 act, individuals could 'opt-out' of having their details stored or passed on to other companies by ticking an appropriate box. Although the Data Commissioner has so far not laid down the exact size or suggested wording of opt-out boxes, wording on the following lines should suffice: "We may write to you about other offers, or pass your name and address to other reputable companies whose products and services may be of interest to you. Please tick this box if you do not wish to receive such offers." Sensitive information Under the 1998 act, in addition, where individuals are asked for 'sensitive' information (for example details of race, sexuality, politics or criminal record), they have expressly to give permission - to opt in - for this information to be stored and used. This will be particularly relevant for reader surveys. Journalists' exemptions Section 32 entitles a journalist to refuse access to personal data which he holds. Personal data is exempt if it is processed with a view to publication, the data controller reasonably believes that publication would be in the public interest and he reasonably believes that compliance with the Act is incompatible with the purpose of processing the data. Transferring data abroad Under the new Act, selling lists abroad is more difficult. It says that personal data may not be transferred outside the EU unless there is an adequate level of protection for that information. The US, the main non-EU country to which data lists are sold, has been deemed to have inadequate data protection laws. The European Commission is currently in talks with the relevant US authorities to agree arrangements to enable companies to assume that a US recipient company had adequate protection arrangements. But there is, as yet, no outcome and no government guidance has been given. Credit checking Under the terms of the 1984 act, business agreements which could involve credit checking have to include notification that checks will take place. The 1998 Act extends this process to sole traders as well as incorporated businesses. The data subject now has a right to inspect their records, and therefore credit records, in full. |
|
|
|
 |
|||||
| PPA and its members | News and features | Events and seminars | PPA supplier listing Advertising and marketing | Distribution | Legal and public affairs | Publishing | Careers and training Privacy Policy | Contact | Join PPA | Links | Search | Site map | Text only | Home Images courtesy of Cadmium 
|
|||||
 |
|||||
