The Data Protection Act regulates how your personal information is used and protects you from misuse of your personal details.
It provides a common-sense set of rules which prohibit the misuse of your personal information without stopping it being used for legitimate or beneficial purposes.
The details of the Data Protection Act are quite complex, but at the heart of it are eight common-sense rules known as the Data Protection Principles.
These require personal information to be:
Organisations using personal information ('data controllers') must comply with these Principles.
The Act provides stronger protection for sensitive information about your ethnic origins, political opinions, religious beliefs, trade union membership, health, sexual life and any criminal history.
The Act, with some exceptions, gives you the right to find out what information is held about you by organisations. This is known as the 'right of subject access'. On written request, you are entitled to be supplied with a copy of all the information an organisation holds about you.
The organisation may charge a fee for providing the information, up to a maximum of £10 in most instances and up to £50 in the case of manual (i.e. non-electronic) medical records. To see what information is held on you by credit reference agencies costs £2.
You also have the right to stop organisations using your personal information for direct marketing purposes. You can do this by registering your details with one of the preference services.
The Act is enforced by an independent authority called the Information Commissioner. He has powers to take action against organisations that misuse information about you.