Data Protection Act 1998
– Main UK legislation governing personal data protection – Key principles:
- Data used only for a specific purpose is collected
- No disclosure without consent
- Individual right to access their information
- Information is kept no later than necessary
- Must be kept up to date
- No transmission outside the EU without consent
- Registration with the Information Commissioner’s Office required
- Adequate security measures (technical and organisational)
- Patients’ right to correct factually incorrect information