Data Protection Commission
  
Protecting your personal privacy in the information age
About Us
Privacy Statement
For Individuals
For Organisations
Registration
Publications & Forms
FAQ
Guidance
Law
Enforcement
European Functions
Conferences
Training & Awareness
Links
Case Studies
News
  • Archives
  • Press Releases
A - Z
Teens
Home
Gaeilge
Know Your Rights
 
Text Only
Print
Data Protection Rule 2

Specifying the Purpose

"the data shall have been obtained only for one or more specified explicit and legitimate purposes"
- section 2(1)(c)(i) of the Act

You may not keep information about people unless it is held for a specific, lawful and clearly stated purpose. It is therefore unlawful to collect information about people routinely and indiscriminately, without having a sound, clear and legitimate purpose for so doing.

Data controllers who are required to register with the Data Protection Commissioner include in their register entry a statement of their purpose for holding personal data. If such data controllers keep or use personal data for any purpose other than the specified purpose, they may be guilty of an offence.

Having A Specified Purpose: Test Yourself

You should be able to answer YES to the following questions:-

  • Do you specify the purpose for which you are collecting and keeping personal information?
  • Is that purpose lawful?
  • Can you make a precise statement of that purpose?
  • Has the purpose been made known to those for whom, and about whom, you keep personal data?
  • Have you made out a list of the different sets of data which you keep and the specific purpose of each?

Practical steps
Prepare a statement of the purpose or purposes for which you hold information about others. Any individual has the right to ask you to state the purposes for which you keep such information. If you have not already done so, you should also prepare the list referred to in the final question.

Some Case Studies relevant to this topic:

The following Case Studies, which have appeared in Annual reports of the Data Protection Commissioner over recent years, may be of some interest. Click on the Case Study details to see the full text.

CASE STUDY 5/04 - Political party - use of party political database in sending out an appeal for funds for a charity.

CASE STUDY 5/01 - MBNA Bank - unwanted direct marketing - mailings and telemarketing - failure to delete details from direct marketing databases - Eircom - the practice of 'teleappending' - fair processing - incompatiblepurpose

CASE STUDY 2/00 - Department of Education and Science - use of trade union membership subscription data to withhold pay - fair obtaining and processing - specified purpose - compatible use - purpose as described in register entry

CASE STUDY 8/99 — telecommunications company - electronic publication of telephone directory on the Internet and CD-ROM - advanced and novel search capabilities - whether compatible with purpose for which data were obtained

CASE STUDY 1/97 — hospital patient’s data disclosed for research – data not obtained fairly for this purpose

 
MENU Select Page No.
<- Previous    Next ->





» Permanent Link

Office of the Data Protection Commissioner. Canal House, Station Road, Portarlington, Co. Laois, Ireland.
LoCall 1890 25 22 31 - Phone 00353 57 868 4800 - Fax 00353 57 868 4757 - email info@dataprotection.ie