Data Protection Act 1998



UK law that protects patient information from unauthorised access. The Act requires that data be acquired with prior informed consent, that it be stored securely with safeguards against unauthorised access, and that it be released only under exceptional circumstances (e.g., for criminal investigations). The Act allows individuals to access information of which they are the subject (e.g., their own medical records).
Eight Principles of the Data Protection Act
Personal data must be:
(1) Processed fairly and lawfully;
(2) Processed for specific purposes and in an appropriate manner;
(3) Adequate, relevant and not excessive;
(4) Accurate and up-to-date;
(5) Not kept for longer than necessary;
(6) Processed in accordance with the rights of the data subjects;
(7) Protected by appropriate security;
(8) Not transferred outside the European Economic Area without adequate controls.