Identity theft
What is a Personal Identity?
How could it be lost

1. Legal methods - data harvesting
This is where companies get you to enter your data to enter competitions or get you to install software that takes it away from you. This is legal as you have to download and agree to let the companies take it and sell it on.

2. Giving it away - users careless - social media etc
When you join social media sites you have to enter all your data, this is giving it away as anyone can see this and also if you say put your address on your social media site for a party you are also giving it away so people know where you live and whether you are worth burgling or not.

3. Illegal methods - hacking & viruses etc
Hacking is when someone breaks into your computer to steal your data remotely. Viruses are hidden downloads that infiltrate your computer and log everything you enter and then send it on to another computer later.

Consequences of ID Loss
Information Commissioners Office
The ICO is the UK's independent body set up to uphold information rights.
Its website is
Data Protection Act - UK & Europe
8 Data Protection Principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

9. Rights of the Data Subject
A Right of Subject Access
A Right of Correction
A Right to Prevent Distress
Right to Prevent Direct Marketing
A Right to Prevent Automatic Decisions
A Right of Complaint to the Information Commissioner
A Right to Compensation

10. Responsibilities of the Data User
Keep the data secure, a data user must be regestered, you have to inform the information comistioner what data you will have and what you will be using it for and how you will be keeping it. You must also repond to data requests at a timly manner.


1. Data
facts and statistics collected together for reference or analysis.

2. Data Subject
The Data Subject is a living individual to whom personal data relates.

3. Data User
A data user is someone who controls the collection, holding, processing, or the use of the data.

4. Data Manager
Administrative process by which the required data is acquired, validated, stored, protected, and processed.

Privacy & Electronic Communication Regulations

Responsibilities & Obligations
It is unlawful to send someone direct marketing who has not specifically granted permission (via an opt-in agreement) unless there is a previous relationship between the parties. Organisations cannot merely add people's details to their marketing database and offer an opt out after they have started sending direct marketing. For this reason the regulations offer more consumer protection from direct marketing.


1. Person
This is an identifiable human being.

2. Caller
a. a person who pays a brief visit or makes a telephone call.

3. Subscriber
Someone who subscribes to something so they receive information about what they have subscribed to.

Solicited & Un-solicited Marketing

Solicited marketing is when the person has requested the information or advertisements.

Unsolicited marketing is when the person has not requested it and PECR rules apply this is true even if the person has opted in to receive marketing from the company but not about that product.

Opt in and opt out clauses:
This is a system whereby the individual can opt in or opt out to receiving marketing from an organisation.

Complying with the regulations