Record-keeping and the Fourth and Fifth Principles

The standards for information management are laid down in the data protection

principles. Several of the data protection principles impact on record-keeping; in

particular, the third principle requires personal data to be adequate, relevant and not

excessive and the fourth principle requires that it be accurate and kept up to date

where necessary. The fifth principle imposes an obligation to retain personal data

for no longer than is necessary for the purpose for which it is processed. The issue

of security, having wider implications than document and information security, is

covered in the next chapter.