The Data Protection Act, 1998 (8 Principles)
1.Processing personal information fairly and lawfully
Personal data should be processed fairly and lawfully and, in particular shall not be processed unless certain conditions, set out in the Act, are met.
2.Processing personal data for specified purposes only
“Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner in compatible with that purpose or those purposes”
3.The amount of personal information
“Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed”
4.Keeping personal information accurate and up to date
Personal data shall be accurate, and where necessary, kept up to date
5.Keeping personal information
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Note that in health and social care and support agencies there are specific recommended time frames for keeping and disposing of different types of information about individuals and this is set out clearly by each organisation’s agreed policies and procedures. There are also specific time frames with regards to employment records in relation to staff.
6.Ensuring that people’s rights are maintained
Personal data shall be processed in accordance with rights of the person. For example, a person has the right to: request access to the information; prevent the processing of information if it is likely to cause damage or distress; correct mistakes in the information; claim compensation if the information is inaccurate of if the Data Protection Act has been breached….
7. Information Security
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
8. Sending information outside the European Union
Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights of data for subjects in relation to the processing of personal data.
Use to answer question 14.1a of the Care Certificate