The Data Protection Act sets out eight principles for anyone who processes personal information and includes information both held on a computer and paper-based files.
- its use is fair and lawful
- it is to be used only for specific purposes
- it is adequate, relevant and not excessive
- it is accurate and up to date
- it is not kept for longer that is necessary
- it is processed in line with an individuals rights
- it is secure
- it is not transfered to other countries without adequate protection
Information about the Data Protection Act is provided by the Information Commissioner at http://www.ico.gov.uk/
The Guide to the Data Protection Act explains the legislation, gives practical examples to illustrate how the principles apply in practice, and uses frequently asked questions about data protection to provide a useful source of practical advice to those who have day-to-day responsibility for data protection.
The Archbishops’ Council has produced a Guide to the Data Protection Act: The Data Protection Act 1998 : A Guide for Parishes Issues by the Archbishops’ Council 2001.