| Data Protection Act 1984 (c. 35) |
| 1984 Chapter c.35 - continued |
|
 |
|
| |
S C H E D U L E S |
|
SCHEDULE 1
|
| |
THE DATA PROTECTION PRINCIPLES |
| |
PART I |
| |
THE PRINCIPLES |
| |
Personal data held by data users |
| |
1. The information to be contained
in personal data shall be obtained, and personal data shall be processed,
fairly and lawfully.
|
| |
2. Personal data shall be held only
for one or more specified and lawful purposes.
|
| |
3. Personal data held for any purpose
or purposes shall not be used or disclosed in any manner incompatible with
that purpose or those purposes.
|
| |
4. Personal data held for any purpose
or purposes shall be adequate, relevant and not excessive in relation to
that purpose or those purposes.
|
| |
5. Personal data shall be accurate
and, where necessary, kept up to date.
|
| |
6. Personal data held for any purpose
or purposes shall not be kept for longer than is necessary for that purpose
or those purposes.
|
| |
7. An individual shall be entitled-
|
| |
(a) at reasonable intervals and without undue delay or expense-
|
| |
(i) to be informed by any data user whether he holds personal data
of which that individual is the subject; and
|
| |
(ii) to access to any such data held by a data user; and
|
| |
(b) where appropriate, to have such data corrected or erased.
|
| |
Personal data held by data users or in respect of which services
are provided by persons carrying on computer bureaux |
| |
8. Appropriate security measures shall
be taken against unauthorised access to, or alteration, disclosure or destruction
of, personal data and against accidental loss or destruction of personal
data.
|
| |
PART II |
| |
INTERPRETATION |
| |
The first principle |
| |
1. - (1) Subject to sub-paragraph
(2) below, in determining whether information was obtained fairly regard
shall be had to the method by which it was obtained, including in particular
whether any person from whom it was obtained was deceived or misled as
to the purpose or purposes for which it is to be held, used or disclosed.
|
| |
(2) Information shall in any event be
treated as obtained fairly if it is obtained from a person who-
|
| |
(a) is authorised by or under any enactment to supply it; or
|
| |
(b) is required to supply it by or under any enactment or by any convention
or other instrument imposing an international obligation on the United
Kingdom;
|
| |
and in determining whether information was obtained fairly
there shall be disregarded any disclosure of the information which is authorised
or required by or under any enactment or required by any such convention
or other instrument as aforesaid.
|
| |
The second principle |
| |
2. Personal data shall not be treated
as held for a specified purpose unless that purpose is described in particulars
registered under this Act in relation to the data.
|
| |
The third principle |
| |
3. Personal data shall not be treated
as used or disclosed in contravention of this principle unless-
|
| |
(a) used otherwise than for a purpose of a description registered under
this Act in relation to the data; or
|
| |
(b) disclosed otherwise than to a person of a description so registered.
|
| |
The fifth principle |
| |
4. Any question whether or not personal
data are accurate shall be determined as for the purposes of section 22
of this Act but, in the case of such data as are mentioned in subsection
(2) of that section, this principle shall not be regarded as having been
contravened by reason of any inaccuracy in the information there mentioned
if the requirements specified in that subsection have been complied with.
|
| |
The seventh principle |
| |
5. - (1) Paragraph (a) of this principle
shall not be construed as conferring any rights inconsistent with section
21 of this Act.
|
| |
(2) In determining whether access to
personal data is sought at reasonable intervals regard shall be had to
the nature of the data, the purpose for which the data are held and the
frequency with which the data are altered.
|
| |
(3) The correction or erasure of personal
data is appropriate only where necessary for ensuring compliance with the
other data protection principles.
|
| |
The eighth principle |
| |
6. Regard shall be had-
|
| |
(a) to the nature of the personal data and the harm that would result
from such access, alteration, disclosure, loss or destruction as are mentioned
in this principle; and
|
| |
(b) to the place where the personal data are stored, to security measures
programmed into the relevant equipment and to measures taken for ensuring
the reliability of staff having access to the data.
|
| |
Use for historical, statistical or research purposes |
| |
7. Where personal data are held for
historical, statistical or research purposes and not used in such a way
that damage or distress is, or is likely to be, caused to any data subject-
|
| |
(a) the information contained in the data shall not be regarded for
the purposes of the first principle as obtained unfairly by reason only
that its use for any such purpose was not disclosed when it was obtained;
and
|
| |
(b) the data may, notwithstanding the sixth principle, be kept indefinitely.
|
