the 1998 Data Protection Act sets out 8 Data Protection Principles:
- Principle 1
any organisation must be fair and legal in the way it uses personal data
- Principle 2
information must be obtained for specific purposes and must not be used for anything else
- Principle 3
information must be adequate, relevant and not excessive
- Principle 4
information must be accurate and up to date
- Principle 5
information must not be kept longer than necessary
- Principle 6
every organisation must respect the rights of individuals
- Principle 7
there must be adequate security to protect data against unauthorised access and against accidental loss or damage
- Principle 8
data must not be sent abroad without adequate protection