the 1998 Data Protection Act sets out 8 Data Protection Principles:
  1. Principle 1
  2. any organisation must be fair and legal in the way it uses personal data

  3. Principle 2
  4. information must be obtained for specific purposes and must not be used for anything else

  5. Principle 3
  6. information must be adequate, relevant and not excessive

  7. Principle 4
  8. information must be accurate and up to date

  9. Principle 5
  10. information must not be kept longer than necessary

  11. Principle 6
  12. every organisation must respect the rights of individuals

  13. Principle 7
  14. there must be adequate security to protect data against unauthorised access and against accidental loss or damage

  15. Principle 8
  16. data must not be sent abroad without adequate protection