| All businesses should be concerned about data | | | | confidential information etc.) |
| protection and the Data Protection Acts 1988 and | | | | It should be noted that Irish legislation only applies to |
| 2003 which govern this area in Ireland. These 2 acts | | | | data controllers who are established here. |
| attempt to balance the rights of individuals in relation | | | | Direct Marketing |
| to personal information that is stored by various | | | | The legislation provides detailed rules regarding the |
| organisations about them. | | | | use of personal information for direct marketing |
| People who control and use information about others | | | | purposes. |
| are called 'data controllers' and are recognised in the | | | | Where data is kept for this purpose then the subject |
| acts above as having certain obligations imposed on | | | | can request in writing to cease the use of the |
| them by law. | | | | information for that purpose and the data controller |
| Individuals should know when they provide personal | | | | must comply within 4 days. The data controller must |
| information to any organisation..... | | | | inform the subject that they may object in this way. |
| Who is gathering the information? | | | | Processing of personal data |
| What use this information will be put? | | | | In order to process personal information the most |
| Who the information will be disclosed to.. | | | | important pre-condition to be satisfied is that the |
| If a data controller has the information for a specific | | | | data may only be processed where the subject has |
| purpose but in the future decides to use it for a new | | | | given his consent. |
| purpose he must ask the person whose information | | | | However there is considerable debate as to what |
| he has whether they are agreeable to that new use | | | | 'consent' in this context means-is it the opt-in |
| or not as the data shall only be held for specified | | | | procedure (where the subject must expressly |
| purposes. | | | | consent to his data being processed)? |
| Personal information should not be excessive in | | | | Or is it the opt-out procedure (where the subject is |
| relation to the purpose for which it is held and should | | | | asked if they object to their data being processed) |
| not be kept for longer than is necessary for that | | | | There are additional preconditions relating to the |
| purpose | | | | processing of sensitive personal details such as racial |
| Non compliance with data protection law | | | | or ethnic origin, political opinion, religious belief etc. In |
| Non-compliance with data protection law may lead to | | | | these circumstances the data subject must expressly |
| a complaint to the Data Protection Commissioner and | | | | consent and the 'opt out' procedure would not be |
| the Data Controller can be held liable under normal | | | | sufficient in these situations. |
| common law principles (eg the law of contract, | | | | |