ABSTRACT
Of especial importance in the field of public health law is the subcategory of ‘sensitive personal data’ that includes information as to the ‘physical or mental health and condition’ of the data subject and which may be held either manually or electronically. The Act regulates the processing of this data, which may include organising, consulting, using, disclosing or destroying information. Data may only be processed in accordance with the ‘data protection principles’.98 Thus, it may only be processed ‘fairly and lawfully’ (principle 1), it must be adequate, relevant and not excessive (principle 3), it must be accurate and kept up to date (principle 4) and it must not be kept for any longer period that that for which it was processed (principle 5).
