The following terms apply to the UK Data Protection Act.
A person or organisation that stores data to be processed by a Data User.
A person or organisation about which data is held.
A person or organisation that processes data (held by a Data controller) about a Data subject. Usually, but not always, the same entity as the Data controller.
Any information, stored for any purpose. This used only to apply to electronic information, thus leaving a huge gaping hole in the law, but the 1998 update to the Data Protection Act amended this.
Any data that can be identified to any one person. A list of phone numbers is not in itself personal, but a list of phone numbers indexed to a list of names is.
Sensitive Data is defined as Personal data that pertains to at least one of the following:
The laws provide much stronger protection for sensitive data, compared to personal data.
Back to Computers, the Law and You