From Orgwiki

The Data Protection Act (DPA) 1998 is the law that governs the processing of personal information held on living, identifiable individuals. Anyone processing personal information must comply with eight principles of good information handling. The eight principles state that the data must be:

• fairly and lawfully processed;
• processed for limited purposes;
• adequate, relevant and not excessive;
• accurate and up to date;
• not kept longer than necessary;
• processed in accordance with the individual's rights;
• secure;
• not transferred to countries outside the European Economic area, unless there is adequate protection.

[edit] Changes to the legislation

In May 2006 the Information Commissioner published a report, What Price Privacy?, calling for prison sentences of up to two years for the illegal buying and selling of personal information. A public consultation was subsequently held, seeking responses to the proposed changes.

[edit] Links

[edit] Related articles

• Data Protection Act Consultation
• Wilson Doctrine
• Biometrics
• DNA Database
• Identity Theft
• ID Cards
• NHS Care Records Service