ABSTRACT
The standards for information management are laid down in the data protection
principles. Several of the data protection principles impact on record-keeping; in
particular, the third principle requires personal data to be adequate, relevant and not
excessive and the fourth principle requires that it be accurate and kept up to date
where necessary. The fifth principle imposes an obligation to retain personal data
for no longer than is necessary for the purpose for which it is processed. The issue
of security, having wider implications than document and information security, is
covered in the next chapter.