The Data Protection Act 1998 (DPA) regulates how personal information relating to living individuals is dealt with.
The DPA lays down detailed conditions for the processing of personal data and gives rights to individuals to access information held about them and to have inaccurate data corrected or erased.
The DPA recognises that information is power, particularly when the information contains personal data, which is capable of being processed by computer in many different ways and for many different purposes. Misuse of this power can cause considerable damage or distress to those individuals whose data is misused.
The aim of the DPA is therefore to control the use of personal data and ensure that all data controllers follow a standard approach in handling such data. There are eight data protection principles in the Act, which when adhered to, should result in personal data being dealt with properly.