1.13 Data protection

The Data Protection Act covers the use of personal data, which is anything that could identify a living person. Any organisation collecting personal data through their Web site (or by other means) must obey this law. You must:

• explain that you are obtaining personal data and what you are using it for:
  (a) if the data is 'sensitive', for example, information about ethnicity, health or disabilities, you must ask for permission first;



• only use this data for the reason you give;
  
  
• only ask for data that is relevant and necessary;
  
  
• ensure that data is correct and up-to-date:
  (a) people can ask to see their data and correct it;
  
  
• only keep data as long as it is necessary:
  (a) when it is no longer needed, or is out of date, it should be deleted;
  
  
• abide by people's rights;
  
  
• keep data confidential and secure;
  
  
• do not transfer data outside the EU.
  

The Office of the Information Commissioner (http://www.informationcommissioner.gov.uk/) [Opens in new browser window] enforces the Data Protection Act.

This site provides a number of guides for people producing Web sites, (http://www.informationcommissioner.gov.uk/eventual.aspx?id=87) [Opens in new browser window].
For example see "Guidance for - Private Sector - Website FAQ".

< previous page: links  |  next page: copyright >

© Copyright for this site is held by Contact a Family and the Information Society Research and Consultancy Group, School of Computing, Engineering and Information Sciences, Northumbria University. Site published February 2003. Last updated October 2006. Review date October 2007.