Data Protection Act 1998


Also found in: Acronyms, Encyclopedia.

Data Protection Act 1998

UK law that protects patient information from unauthorised access. The Act requires that data acquired has prior informed consent, that it is stored securely with safeguards to avoid unauthorised access of the data, and can only be released under exceptional circumstances—e.g., for criminal investigations. The Act allows individuals to access information of which they are the subject—e.g., their own medical records.

Eight Principles of Data Protection Act
Personal data must be:
(1) Processed fairly and lawfully;
(2) Processed for specific purposes and in an appropriate manner;
(3) Adequate, relevant and not excessive;
(4) Accurate and up-to-date;
(5) Not kept for longer than necessary;
(6) Processed in accordance with the rights of the data subjects;
(7) Protected by appropriate security;
(8) Not transferred outside the European Economic Area without adequate controls.
References in periodicals archive ?
Davies is also accused of five separate counts of breaching the Data Protection Act 1998.
If a company based in the UAE transfers personal data to, for example, the UK for processing, it is possible it would be subject to the provisions of the UK's Data Protection Act 1998, a law with stiff penalties for those that offend against it.
RE Crafty new tricks of the cold callers (Brian Christley, Letters, May 31): rather than the Data Protection Act 1998 (DPA) preventing these cold callers from giving out their names, the opposite is true.
In exercising his new powers to fine organisations who breach the Data Protection Act 1998 (DPA), the Information Commissioner has made very clear that security of data, and in particular sensitive personal data, is a major priority.
Mum-of-one Harron pleaded guilty to three counts of obtaining and disclosing personal data contrary to the Data Protection Act 1998 when she appe ared at Solihull Magistrates Court on July 13.
Typical contracts, such as a standard letter of engagement, clearly state that firms will comply with the Data Protection Act 1998 when processing client data.
They might also see the legislative provision for information sharing and protection, namely the Freedom of Information Act 2000 and the Data Protection Act 1998 as being mutually exclusive and contradictory with each other.
Such information requests come under the Data Protection Act 1998, which has third-party restrictions and does not take into account the special circumstances of post-care adults who mainly want to obtain a family history, including details of their parents and siblings.
The new legislation must also take into account the legitimate needs of businesses and individuals to maintain the integrity of their information and security processes and any disclosure must be processed in accordance with the provisions of the Data Protection Act 1998.
Organisations still holding paper records will be in breach of the The data Protection Act 1998 by October 2007 if all personal data held in company records has not been be digitized and stored securely.
Data Protection Act 1998, Chapter 29 [Electronic version].
The UK Data Protection Act 1998 took effect on March 1, 2000, but its provisions are incremental and organizations do not have to fully comply for 7 years.

Full browser ?