The aim of the Data Protection Act (1998) is to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. See full details of the Act.
Note: The following principles are contained within the Data Protection Act.
- The information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully.
- Personal data shall be held only for one or more specified and lawful purposes.
- Personal data held for any purpose or purposes shall not be used or disclosed in any manner incompatible with that purpose or those purposes.
- Personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- An individual shall be entitled -
- at reasonable intervals and without undue delay or expense -
- to be informed by any Data User whether he holds personal data of which that individual is the subject;
- to have access to any such data held by a Data User; and
- where appropriate, to have such data corrected or erased.
- at reasonable intervals and without undue delay or expense -
- Appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure or destruction of, personal data and against loss or destruction of personal data.
Go to Electronic Information Systems Security Policy page
©Lancaster University ISS Governance Computer User Agreement Privacy & Cookies Notice