Data Protection Act
What is it?
The Data Protection Act 1998 (DPA) is an Act of Parliament which defines UK law on the processing of data on identifiable living people - as opposed to unidentifiable dead ones. It ensures that every piece of information that this data-obsessed government (and numerous other bodies) has accrued on an individual is only available to anyone other than the individual concerned.
Data is protected in several ways:
- Unencrypted data. This can be committed to CD ROM or memory stick. It is usually found on hard drives - especially laptops. These can be found in various places: on the back seats of taxis, trains, McDonald's, rubbish skips etc.
- Encrypted data. See above. Encrypted data can easily be un-encrypted by Ralph down the arches, or by anyone with Asberger's.
- Hard copy. This means paper files and stuff. These are also found on trains and in taxis but especially in skips outside the back of Banks.
Personal data is collected so it can be sold off. Various bodies (such as the DVLA) routinely flog the information they've gathered to other organisations, such as wheel clamping firms or market research companies. Data processing is also farmed out to other countries such as India. Organisations like the NHS and the HM Revenue & Customs like doing this because it's cheap and saves them having to do it. The downside of this is that the protected data becomes considerably less protected. It is therefore likely that Johnny Foreigner knows considerably more about your wife's ovary count than your local doctor.
Some foreigners are quite naughty and use any personal information they've acquired to pretend they're someone else... like you for instance. They've managed this not because they've found some dog-eared bank statement in a bin bag, but because that knackered old PC that you binned two years ago ended up being shipped to Nigeria. The back streets of Lagos are awash with little shops that do a nice line in cannibalising old computers for data. Oops! This is compounded by those overseas agencies that handle farmed out data processing contracts not having quite the same level of security as in the UK.
The whole data protection thing is something of a goat fuck, so it's best you keep an eye on those bank statements and phone bills.