the 1998 Data Protection Act sets out 8 Data Protection Principles:
  1. Principle 1
    2. any organisation must be fair and legal in the way it uses personal data

  2. Principle 2
    3. information must be obtained for specific purposes and must not be used for anything else

  3. Principle 3
    4. information must be adequate, relevant and not excessive

  4. Principle 4
    5. information must be accurate and up to date

  5. Principle 5
    6. information must not be kept longer than necessary

  6. Principle 6
    7. every organisation must respect the rights of individuals

  7. Principle 7
    8. there must be adequate security to protect data against unauthorised access and against accidental loss or damage

  8. Principle 8
    9. data must not be sent abroad without adequate protection