1.1 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. In practice it provides a way for individuals to control information about themselves. The Act defines eight data protection principles which are: 1. Personal data shall be processed fairly and lawfully 2. Personal data shall be obtained only for one or more specified and lawful purposes and shall not be processed in any manner incompatible with that purpose. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5. Personal data processed for any purpose shall not be kept for any longer than necessary for that purpose. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to person data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensure a adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
It also requires companies and individuals to keep personal information to themselves. 1.2 Information on service users and in house information is critical to the business of the home. It is essential that we maintain Information Security. The purpose of information security polices is to preserve:
Confidentiality: data is only accessed by people who have the right to view the information.
Integrity: information needs to be accurate