the data protection act 1998
Cards (8)
- data should be processed fairly and lawfully - information should only be collected with an individual's permission and shared on a need-to-know basis
- data should be used only for the purposes for which it was intended - gathered for a specific, necessary purpose and used only for that.
- data should be adequate and relevant, but not excessive - care workers should only collect and use information on a patient that is needed.
- data should be accurate and kept up-to-date - inaccurate data should be destroyed/corrected. systems should be put in place to check accuracy
- data should be kept for no longer than is necessary - information no longer needed should be deleted or destroyed (shredding).
- data should be processed in line with the rights of the individual - people have a right to know if information is being held about them, how it's being used and have it corrected.
- data should be secured - non authorised people shouldn't be allowed access to it and there should be a confidentiality policy.
- data should not be transferred to other countries outside the eu - unless the service user has given consent as other countries may not have the same data protection legislation.