The Data Protection Act 1998 was introduced to keep all personal and confidential data protected from unauthorised subjects. The aim was also to protect the rights and privacy of individuals such as those in a hospital, care home or nursing home, along with other businesses unrelated to health and social care. Data can be viewed by unauthorised persons through computers that are not password protected, filing cabinets left unlocked and accessible, and personal information left in clear view. This Act includes eight principles outlining the requirements of the legislation, ensuring that the safety of service users and staff alike is promoted. The principles include:
Data must be processed fairly and lawfully: meaning that the data controller has legitimate grounds for collecting and possessing the personal data and it should be handled in a way that the data subject would expect without doing anything unlawful with it.
It should be obtained only for one specified and lawful purpose and shall not be further processed in any manner incompatible with that purpose. This means that it must be clear to the data subject from the beginning why the data is being collected about them and should comply with the Act’s fair processing requirements, which ensures that the privacy of the individual is maintained when collecting their personal data.
It must be adequate, relevant and not excessive: meaning that any information that is held about an individual is sufficient for the purpose that it is being held for and that no more information is held than necessary for that purpose.
It must be accurate and up to date. This means that the data controller should make sure that the personal data about any individual is valid and accurate, and is kept accurate.
It should not be kept any longer than necessary: meaning that the length of time that personal data is kept should be reviewed from time to time and if it is no longer needed, then it should be disposed of securely.
It must be processed in accordance with the ‘data subject’s’ rights: meaning the data subject has the right to a copy of their own personal data and has a right to object to processing that is likely to cause, or is causing, damage or distress. They also have the right to prevent the processing for direct marketing and even have the right to claim compensation for damages caused by a breach of the Act.
It must be securely kept: meaning that the design and organisation of security should be adapted to the nature of the personal data and it should be clear who is responsible for ensuring information security. Organisations should be ready to respond to any breach of security swiftly and effectively.
It must not be transferred to any other country without adequate protection. If information about any individual needs to be sent outside the European Economic Area, then two principles, principles one and seven, play a major role in ensuring that the transfer of the information is secure.
These eight principles help promote the safety of individuals in a health and social care environment because they ensure that personal data is handled in a correct manner, while respecting service users’ rights to confidentiality and privacy. They are a basic guide for employees to understand and follow, so that the safety and confidentiality of the patients are at the centre of what they do.
The Health and Safety at Work Act 1974 is the main piece of British health and safety law and has led on to the development of numerous other pieces of health and safety Legislation. It was reinforced to promote awareness of individual safety whilst in the working environment. It covers manual handling techniques, such as lifting and carrying and also