| | 1 | (4) |
| | 5 | (102) |
| | 7 | (14) |
| | 7 | (4) |
| | 11 | (1) |
| | 12 | (1) |
| | 13 | (1) |
| | 13 | (1) |
| | 14 | (1) |
| | 15 | (1) |
| | 16 | (1) |
| | 17 | (1) |
| | 17 | (1) |
| | 17 | (1) |
| | 18 | (1) |
| Table of definition sources in the Data Protection Act 1998 | 19 | (2) |
| | 21 | (24) |
| | 21 | (1) |
| The general duty to process fairly and lawfully | 22 | (1) |
| The requirement to meet one or more of the conditions for fair processing | 23 | (6) |
| Meeting one or more of the conditions for fair processing of sensitive data | 29 | (9) |
| The requirement to provide subject information | 38 | (7) |
| | 45 | (6) |
| | 45 | (1) |
| Personal data must be obtained for specific purposes | 45 | (2) |
| All purposes for which data is processed must be lawful | 47 | (1) |
| All processing must relate to the original purpose or purposes for which data was obtained | 47 | (1) |
| Risk management in relation to the second principle | 48 | (2) |
| Limited exemption -- processing for research purposes | 50 | (1) |
| | 51 | (8) |
| | 51 | (1) |
| Personal data to be adequate for the purpose | 51 | (2) |
| Personal data to be relevant to the purpose | 53 | (1) |
| Personal data not to be excessive for the purpose | 54 | (1) |
| Subjective judgment of what is adequate, relevant and not excessive | 54 | (1) |
| Information not required for current or reasonably imminent purposes | 55 | (1) |
| How adequacy, relevance and excess are assessed | 56 | (1) |
| The effect of time on compliance with the third principle | 56 | (1) |
| Published guidance -- some examples | 57 | (2) |
| | 59 | (4) |
| | 59 | (2) |
| Keeping personal data up to date | 61 | (1) |
| Examples involving the fourth principle | 61 | (2) |
| | 63 | (6) |
| Determining how long data should be retained | 63 | (2) |
| Permanent deletion of data held on computer | 65 | (1) |
| Purging files and records | 65 | (2) |
| Exemption for data held for research purposes | 67 | (1) |
| | 68 | (1) |
| | 69 | (14) |
| | 70 | (7) |
| Other data subject rights | 77 | (3) |
| Rights not covered by the sixth principle | 80 | (1) |
| Risk management strategies | 81 | (2) |
| | 83 | (14) |
| Basic requirement for security of personal data | 83 | (5) |
| Employees and the security of personal data | 88 | (1) |
| Data controllers and data processors | 89 | (6) |
| Risk management strategies | 95 | (1) |
| | 96 | (1) |
| | 97 | (10) |
| | 97 | (1) |
| A prohibition on transfers outside the EEA | 98 | (1) |
| Exceptions to the prohibition | 99 | (3) |
| | 102 | (4) |
| Becoming aware of inadequate protection | 106 | (1) |
| | 106 | (1) |
| Part II Key Implications Relating to the Stages of the Financial Services' Customer Life Cycle | 107 | (88) |
| | 109 | (2) |
| Advertising and the Impact of the First and Second Principles | 111 | (14) |
| | 111 | (2) |
| Subject information -- what is required? | 113 | (5) |
| Special rules for websites | 118 | (1) |
| The role of product provider | 119 | (1) |
| The role of the intermediary | 120 | (1) |
| Affinity marketing and its effect on traditional roles | 121 | (2) |
| | 123 | (2) |
| Marketing and Privacy Issues | 125 | (16) |
| Definition of direct marketing | 125 | (1) |
| A general rule for direct marketing | 126 | (1) |
| Special rules for direct mail | 126 | (1) |
| Special rules for telephone calling | 127 | (4) |
| Special rules for marketing by email and text messaging | 131 | (3) |
| | 134 | (2) |
| Using personal information as marketing material | 136 | (2) |
| | 138 | (3) |
| The Sales Process and the Third Principle | 141 | (12) |
| The enquiry or application form | 141 | (1) |
| Record-keeping requirements | 141 | (1) |
| Creating and maintaining adequate records | 142 | (2) |
| | 144 | (1) |
| | 144 | (3) |
| Money laundering prevention measures | 147 | (3) |
| | 150 | (2) |
| | 152 | (1) |
| | 153 | (6) |
| Sensitive categories of information | 153 | (1) |
| Sensitive data in the application process | 154 | (1) |
| Sensitive data in insurance claims | 155 | (1) |
| Sensitive data in other areas | 156 | (1) |
| | 157 | (2) |
| Record-keeping and the Fourth and Fifth Principles | 159 | (6) |
| | 159 | (1) |
| Keeping personal information up to date | 160 | (1) |
| | 161 | (1) |
| Keeping personal information for no longer than is necessary | 162 | (2) |
| | 164 | (1) |
| Security: The Practical Implications of the Seventh Principle | 165 | (8) |
| Unauthorised and unlawful processing | 165 | (2) |
| | 167 | (3) |
| The security requirements of being an outsource service provider | 170 | (2) |
| | 172 | (1) |
| The Exercise of Subject Rights and the Sixth Principle | 173 | (10) |
| | 174 | (3) |
| The right to prevent processing for the purposes of direct marketing | 177 | (1) |
| The right to object to decisions taken by automated means | 178 | (1) |
| The right to prevent processing likely to cause damage or distress | 179 | (1) |
| The right to compensation | 180 | (1) |
| Rights in relation to inaccurate data | 181 | (1) |
| Examples of breaches of subject rights | 181 | (1) |
| | 182 | (1) |
| | 183 | (12) |
| The effect of the seventh principle | 183 | (6) |
| Data processors outside of UK jurisdiction | 189 | (3) |
| | 192 | (3) |
| Part III The Regulatory Framework | 195 | (30) |
| The Information Commissioner | 197 | (6) |
| Structure of the Office of the Information Commissioner | 197 | (1) |
| Responsibilities and functions | 198 | (5) |
| | 203 | (4) |
| Activities subject to notification | 203 | (1) |
| | 204 | (1) |
| | 205 | (1) |
| Consequences of not being registered | 205 | (1) |
| | 205 | (1) |
| Risk management strategies | 206 | (1) |
| | 206 | (1) |
| | 207 | (4) |
| | 207 | (1) |
| Unauthorised disclosure and obtaining | 207 | (1) |
| | 208 | (1) |
| Frustrating a subject access request | 208 | (1) |
| Liability for data protection offences | 209 | (1) |
| | 209 | (2) |
| The Financial Services Authority | 211 | (10) |
| | 211 | (1) |
| The use of personal information by the FSA | 212 | (2) |
| The FSA approach to data protection regulation of member firms | 214 | (1) |
| Recruitment of approved persons | 215 | (3) |
| | 218 | (3) |
| Conflict between Laws and Regulation | 221 | (4) |
| Determining precedence -- provisions in the Data Protection Act 1998 | 221 | (3) |
| Provisions in other legislation | 224 | (1) |
| | 224 | (1) |
| | 224 | (1) |
| Bibliography | 225 | (2) |
| Index | 227 | |