Question one: Briefly identify and explain the rationale behind the area of law that covers the legal issues arising out of the case study?
The data Protection act of 1998 gives a guideline on the privacy (without its mention) that should be maintained of the information held by a second party regarding a first party. The act regulates the power of data movement from the person who holds it. This is primarily set to ensure that there is no illegal and unauthorized use of personal data. The act defines personal data as shows the limits of the protection. Further, the law institutes legal actions for violators of the act it also creates room for awards for any aggravated party. Data Protection Act was an aftermath of a regional requirement European Directive of 1995 which required the states of European Union to secure personal data (Catherine, & Jonathan, 2010).
Question 2: What are the main principles of the Data Protection Act that Susan has breached?
Data Protection Act defines the powers that a person in possession of personal data as well as his or her obligation. In the case study, Susan violates a couple of these principles. One, she uses the data in her custody in pursuing objectives more than that she holds data for. This she does more than once. In the first instance, she uses the data to open a website. Prior to this, it is not explained that such data was to be used to open a website. As the president, she also breaches the act by offering personal contact information of the member’s of the computing society to a third party without consent (Catherine, & Jonathan, 2010). The other principle that she breaches is the one that governs the handling of sensitive data. The act defines sensitive data and includes data concerning sexuality of a person. In creating the website, she includes information about her ex-boyfriend’s lover. She goes ahead to making personal- and emotional opinions about the relationship.
In addition, Susan breaches the seven principle which calls on the holding party to make adequate technical measures to secure personal data form among others destruction, damage and accidental loss. The website breaks down and she loses the backup USB stick which can be credited to poor technical measures in place (Catherine, & Jonathan, 2010).
Data Protection Act requires a person that has personal data regarding another person and intends to use it in a secondary purpose to register such a purpose with the Information Commissioner Office. Susan does not register any of her purposes with this office.
Question 3: What are the main principles of the Data Protection Act that Peter has breached?
On the other hand, peter also breaches the principles of Data Protection Act. First section 55 forbids any person from unlawfully obtaining personal data. While the law gives a guideline on the legal path to obtain personal data, Peter does not follow it. More over, he also breaches the principles by failing to register the purpose of obtaining the information. As noted earlier in the paper, the act requires that any secondary usage of the collected data and data in custody of a third party be registered in the Information Commissioner’s office. Peter also breaches section 56 of the Act which defines as an offence any Subject Access Request for provision of services (Catherine, & Jonathan, 2010).
Question 4: How could Susan have passed on the personal data of members to Peter lawfully?
The Data Protection Act provides a legal platform which data that is in custody of a third party to be passed to another person. The law provides that, the holding party acquire consent from the subjects. In this case, the subjects are the members of the computing society. This could be done in various ways; one she would call a meeting and by minutes pass an agenda allowing her to give out the information and giving limits of the information to be given out. The other option would be, since she had the email address of all the members, send an email to each member seeking approval on the matter (Catherine, & Jonathan, 2010). In such a case, the only information that should have been given is for the persons who reply in affirmation. After getting the consent of the members, Susan could have registered the cause at the Information Commissioner’s office. This would have legitimized the use of contacts in Peter’s marketing. So as to ensure security of the data in transit, Susan should have used a mode of data transmission that is safe. Data transmission through e-mail has proven to be insecure due to hacking (Catherine, & Jonathan, 2010).
Question 5: Briefly explain the role of the Information Commissioner in relation to the Data Protection Act?
The Information Commissioner has a lot of duties as set out in Data Protection Act. One, he is mandated to register the secondary purpose of obtaining data. This makes him the entity that legalizes usage of data for purpose other than the intended. Also, he is supposed to ensure that all the pre registration steps of the secondary purpose are followed sequentially and correctly. The commissioner is also required to ensure that the purpose being registered is lawful, in accordance with the act, and that it would not violate the rights of the subject.
References
Catherine, C., & Jonathan, G., (2010). Modern Intellectual Property Law. Milton Park: Taylor & Francis