ABSTRACT
The Data Protection Act 1998 (the Act) specifies categories of personal information
that are defined as ‘sensitive data’. The categories are taken directly from the EC
Directive on which the UK data protection law is based. 1
These are:
• details of race or ethnic origin
• information relating to an individual’s physical or mental health
• information relating to an individual’s sexual life
• details of criminal convictions, allegations of criminal offences, court proceedings for any offence
• information about religious or philosophical beliefs
• details of trade union membership
• information about political beliefs.
