Javascript is enabled, but Flash has not been installed/upgraded
Click here to download Adobe Flash Player
 
      Your shopping basket
      Practical business guides
      Download HR templates
      Card processing
      Credit control and finance
      Insurance
      Purchasing
      Utilities and telecoms
      All member benefits
      About the FPB
      Why should I join the FPB?
      Our campaigns
      Employment and HR
      Changes to regulations
      Money matters
      Green issues
      Growing your business
      Health and safety
      Business technology
      Useful links
      Press office contacts
      Press releases
      Late payment hall of shame
      Discussion forum
      Member panels
      Referendum
      Surveys
      Small Firms' Summit
      Business-friendly MP award





Home > Hot Tips > What you need to know about data protection law
Advertisement
 Don't miss tax return deadline, 31 January 2009
21 November 2008
Bookmark and Share
   
Email article : Print article : More articles like this
If you collect data on clients, employees or suppliers, you will be subject to the Data Protection Act. This article explains the basics of the act, your obligations and introduces the Regulation of Investigatory Act (RIPA) which has legal implications for businesses using data encryption.
Data protection law and data encryption
 
Adhering to the Data Protection Act is something that you will need to do if you store data on clients, employees or suppliers. your business to stay legal and avoid any unnecessary legal action
 
 
By taking action now you are hopefully going to avoid problems later should your business be investigated. This will save you money and time in the long run, and will only cost you a small registration fee of £35 per annum.

RIPA has implications for those using encrypted data.

This guide does not constitute legal advice. It is strongly suggested that you receive qualified legal advice to help you if you have any Data Protection Act or RIPA questions or issues.

Understanding the Data Protection Act

We all like to protect our privacy, and the Data Protection Act provides a legal framework to which we all need to adhere if we are to stay above board. By protecting this information you will retain your reputation and prevent time consuming and costly investigations later.

There are other regulations that apply to anyone considering a telephone or email marketing campaign called the Privacy and Electronics Communications Regulations.

For further detail visit the Privacy and Electronic Communications Guide.

The Data Protection Act allows each of us to know what information is being held about us. Any information that is held must be handled appropriately, and there are 8 guiding principles. Data must be:
    • Fairly and lawfully processed
    • Processed for limited purposes
    • Adequate, relevant and not excessive
    • Accurate and up to date
    • Not kept for longer than is necessary
    • Processed in line with an individual's rights
    • Secure
    • Not transferred to other countries without adequate protection
If someone should feel that their data is not being managed according to these principles then they can contact the Information Commissioners Office for assistance. At this point your small business may be investigated with possible subsequent enforcement action.
 
 
Regulation of Investigatory Act (RIPA Part III)
RIPA is normally associated with investigations into criminals and criminal behaviour using surveillance, not the running of small businesses, but recent changes in legislation may impact your use of IT.
 
Data encryption is the process of taking normal computer data and files and mixing them up so that they become unreadable to unauthorised users. This process of mixing up or encrypting data uses advanced mathematics, which we won't bother you with. What you do need to understand is the use of electronic keys to unlock encrypted data. These often take the form of long passwords but act as the secret key to all of your encrypted data. Normally you would keep these keys locked away very securely as if you lose them then your encrypted data could be unlocked by unauthorised users.
 
As you can imagine many criminals are now encrypting their data to prevent the authorities accessing it. To get around this problem legislation was enacted in October 2007 that forces an individual or a business to hand over their secret encryption key. If you fail to do so then you could face a 5 year jail term.
 
This is very important for a small business to remember when putting in place data encryption. Always keep your encryption keys secure, but remember that the authorities may, in rare circumstances, demand the key to inspect your data.
 
Of course we know that users of the Business IT Guide are all upstanding citizens but we would hate to see our users end up in jail!
 
What you need to do

It is strongly advised that you visit the websites below which carry up to date and accurate information on the Data Protection Act and RIPA as it relates to small businesses. The Data Protection Act site also carries information on how to register your business, which is highly likely.

Data Protection Act for small businesses

Regulation of Investigatory Powers Act


About the author

This article was first published as Data protection law on Business IT Guide, part of e-skills, the Sector Skills Council for IT and telecoms. The Business IT Guide has been developed in collaboration with industry experts to help small businesses find the right IT solutions for the issues that affect them.

Username:
Password:
Email:
 
Advanced search
Advertisement

 

News Articles - What is this?
Home : Join Us : Contact Us : Advertise : Sitemap : Terms & Conditions
© 2009 Forum of Private Business : info@fpb.org : Website by Fat Media