| Notice | Data subjects should be given notice when their data is being collected. |
|---|---|
| Purpose | Data should only be used for the purpose stated and not for any other purposes. |
| Consent | Data should not be disclosed without the data subject’s consent. |
| Security | Collected data should be kept secure from any potential abuses. |
| Disclosure | Data subjects should be informed as to who is collecting their data. |
| Access | Data subjects should be allowed to access their data and make corrections to any inaccurate data. |
| Accountability | Data subjects should have a method available to them to hold data collectors accountable for following the above principles. |
| 1. | The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully. | ||||
|---|---|---|---|---|---|
| 2. | Personal data shall be held only for one or more specified and lawful purposes. | ||||
| 3. | Personal data held for any purpose or purposes shall not be used or disclosed in any manner incompatible with that purpose or those purposes. | ||||
| 4. | Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes. | ||||
| 5. | Personal data shall be accurate and, where necessary, kept up to date. | ||||
| 6. | Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. | ||||
| 7. | An individual shall be entitled-
| ||||
| 8. | Appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against accidental loss or destruction of personal data. |
The act creates the post of "Data Protection Registrar", to issue guidance as to which data uses do not need to be registered, and to assemble the register of organizations, with data bases that do register.
The text of the act can be found on the government website.
The responsibilities of the "Data Protection Registrar" transferred to the new post of "Information Commissioner".
The updated list data use that is exempt from the need to register, is in the schedule.
The website contains lots of usefull information. The office ot he information commisioner, is resposible for enforcing good practise with regards to the use and care of data within four main areas.