The 1998 Data Protection Act provides a framework for the way in which organisations should collect and process personal information. It has far-reaching implications for library and information managers who hold personal data on computer or on paper, or who may be called on to advise their colleagues. This practical guide explains the legal requirements and illustrates the issues with dozens of relevant and informative case-studies.
Introduction; Personal data; The eight Data Protection Principles; Who is responsible for data protection?; Informing the data subject; When do you need consent?; Processing 'sensitive' personal data; Processing only for specific purposes; Monitoring employees and the public; The requirement to have good quality data; Archive and destruction policies; People's right to see their own records; Restrictions on direct marketing; Other Data Subject rights; Security; Who can see what?; Transferring data abroad; Exemptions and other special cases; Notification; Codes of practice; Enforcement and penalties; The Data Protection Compliance Officer; References and further reading; Contacts; Appendices; Index.