Introduction to Data Protection Legislation

by John Turner

Posted on November 27, 2009

As a member of the Irish Computer Society I regularly receive invitations to their ‘Breakfast Briefing’ and ‘Lunch and Learn’ events. I have been meaning to attend the regular ‘Introduction to Data Protection Legislation’ event for some time now and finally got the opportunity to attend one today.

This event was held in the ICS building in Dublin 2 (convenient city centre location), starting with a light lunch at 12:30 with the presentation running from 1pm to 2pm. The presenter was Hugh Jones and I found him very knowledgeable and highly informative. We only had an hour so the aim was to touch on all the facets of the legislation without going into detail.

The presentation started by discussing privacy and the many definition’s it has been afforded over time. A couple of high profile privacy cases are then outlined to demonstrate different legal views on the protection of privacy.

The presentation then proceeds to discuss the particulars of the Irish data protection legislation giving a summary description of the acts. Before explaining the acts further, the terms ‘Data’, ‘Automated Data’, ‘Manual Data’, ‘Personal Data’, ‘Sensitive Personal Data’, ‘Relevant Filing System’ and ‘Processing’ are defined, as well as the characters ‘Data Subject’, ‘Data Controller’ and ‘Data Processor’.

The data processing rules are then explained, along with the individuals rights afforded by the legislation. Finally, enforcement provisions, registration, specific offences, overseas transfers of data and exemptions are discussed.

Coming from a development background and working primarily in this domain I have never required in depth knowledge in this area but it is certainly advisable to have an awareness. This event refreshed my long lost memories of when data protection was covered in my undergraduate degree and I found it interesting. Anyone working with personal data should be aware of their responsibilities and if you are completely ignorant in this area, I would highly recommend this event. It is free to ICS members and a small fee is applicable to non-ICS members.

If you have more responsibility relating to data protection and require more than just an awareness of the legislation, the ICS also provide a 1-day course and 3-day certification in the area. For me, the introduction was as far as I feel would be relevant but i found it very informative and interesting.