Planning to handle consumer data in the UK? Then it's time to learn about the Data Protection Act 1998. Thankfully, Wikipedia has a very helpful overview. What are the key takeaways?
- Data may only be used for the specific purposes for which it was collected.
- Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime).
- Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
- Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
If you're interested in learning more about European privacy law, then don't forget to read up on the EU's Data Protection Directive (95/46/EC) as well.
I'm not a lawyer, and this isn't legal advice. Duh!
2
Comments
Well I can assure you the industry is thriving in the UK.
ReplyDeleteSadly, crime thrives in a lot of places.
ReplyDeletePeople have actively been prosecuted for list sales in the UK. Here's just one example: http://xnnd.com/ax101my