In today’s modern world, it’s become almost acceptable for our personal data to be computerised and to be used by businesses in a variety of ways. Most often for marketing.
However, with the introduction of the Data Protection Act 1998, all businesses now have legal obligations as to how they store and use your personal information.
Did you know? The Data Protection Act 1998 became law in March 2000, and applies to all industries.
The Data Protection Act states that all personal data must be
- Processed fairly and lawfully
- Processed for specified purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than necessary
- Processed in accordance with the rights of data subject
- Protected by appropriate security
- Not transferred outside the EEA (European Economic Area) without adequate protection
In addition to this, the NHS published the Caldicott Report in 1997, which forms the basis of the NHS Confidentiality Code of Practice.
The six key principles highlighted in the report are:
- Justify the purpose of using confidential information
- Only use it when absolutely necessary
- Use the minimum that is required
- Access to patient identifiable information should be a strict need to know basis
- Everyone must understand his or her responsibilities
- Understand and comply with the law
Following the publication of this report, the Chief Medical Officer instructed all NHS and Social Care organisations in England and Wales to have a Caldicott Guardian.
At Sue’s Office, we are committed to maintaining strict confidentiality practices. We routinely follow the Caldicott principles and adhere to the Data Protection Act.
We’re always happy to sign your own confidentiality agreements.