Promote good practice in handling information in health and social care settings
Legislation and Codes of Practice
Data Protection Act 1998
The Data Protection Act controls how personal information is used by organisations, businesses or the government. Everyone responsible for using data has to follow strict rules called 'data protection principles'. The Act relates to people living within the United Kingdom and provides a way in which individuals can be in control of the information about themselves. It is a law that protects personal privacy and upholds individuals rights. It covers any data which can be used to identify a living person, including personal details such as name, address, telephone number, email address etc. The Data Protection Act was amended in 2003 to bring it in line with EU Directives. This
broadened the term ‘data’ to include organised paper filing systems.
The 'data protection principles' state that information:
• Must be used in a fair and lawful way.
• Can only be used for limited purpose, e.g. specifically stated purposes
• Used in a way that is relevant, adequate and kept to a minimum.
• Have to be accurate and up-to-date
• Should not be kept for longer than necessary.
• Should be processed in accordance with people's data protection rights
• Should be stored safely securely
• Should not be transferred outside the European Economic area where there is no adequate protection in place.
Data protection involves confidentiality, keeping information safe, and only passing information on where there is a clear right to do so and a clear need to do so. In my work setting, paper and computerised records, such as service user files must be kept confidential in order to respect the privacy of the service user under the Human Rights Act 1998.
Human Rights Act 1998 Article 8
The Human Rights Act 1998 (also known as the Act or the HRA) came into force in the United Kingdom in October 2000. The HRA...