The Right to Security
The 7th Principle of the DPA requires that personal data be kept secure. This Principle therefore requires that written and agreed procedures are in place to cover:
- The definition of the expectations of the individuals whose personal data is being processed;
- The prevention and detection of unauthorised or unlawful access to personal data for purposes other than those for which the data was collected;
- The management of transparent procedures to add/alter/delete authorisation;
- The restriction of access to personal data to those explicitly authorised to do so for their job;
- The imposition & management of physical and organisational access restrictions to personal data;
- The development & management of procedures for data recovery of personal data in the event of its accidental loss.

These requirements link with the provisions of the Computer Misuse Act. See elsewhere in this A to Z Guide for information on the Computer Misuse Act.
