ABSTRACT
The primary source for current practice is the Data Protection Act 1984 and its associated Statutory Instruments. The need for an individual’s affairs to be accorded a reasonable degree of confidentiality is certainly catered for, but the legislation also imposes a requirement for reliability of personal information used, together with an obligation to collect and use that information fairly. The range of steps which need to be taken by and within an organisation concerning data protection is wide and a variety of people are involved. Even at the policy making level it is wise for an organisation to demonstrate its commitment to good data protection. Adequate and timely training in data protection principles and practice is an important factor in establishing and managing good data protection practice in an organisation.
