Data protection and identity theft :Cross Stitch – Government, citizens and rights

The Data Protection Act controls how your personal information is used by corporations or the government. Its rules require everyone who collects data to follow strict rules, and to keep your information safe. This page explains how it works.

The Data Protection Act’s rules are quite complex, but at the heart of it are eight common sense rules known as the ‘data protection principles’.

These principles require any organisation, corporation or governmental body that collects personal information to handle it safely. Anyone collecting personal information must:

  • fairly and lawfully process it
  • process it only for limited, specifically stated purposes
  • use the information in a way that is adequate, relevant and not excessive
  • use the information accurately
  • keep the information on file no longer than absolutely necessary
  • process the information in accordance with your legal rights
  • keep the information secure
  • never transfer the information outside the UK without adequate protection

All organisations collecting and using personal information are legally required to comply with these principles.

The law provides stronger protection for more sensitive information – such as your ethnic background, political opinions, religious beliefs, health, sexual life or any criminal history. It is enforced by an independent information commissioner, who can take action against any company or governmental body that fails to protect your information, or that abuses its right to collect and hold that information.

The Data Protection Act gives you the right to find out what information about you the government and other organisations store. This is known as the ‘right of subject access’. If you submit your request in writing, they are legally required to provide you with a copy of all the information they hold about you.

Some agencies or corporations may charge a fee for providing the information, but they are only allowed to charge up to £10 for digital information, or £50 for printed (i.e. non-electronic) medical records. Finding out what information about you credit reference agencies hold costs £2.