Archive Website of the UK government

Protecting your information

The Data Protection Act's rules are quite complex, but at the heart of it are eight common sense rules known as the 'data protection principles'.

These principles require any organisation, corporation or governmental body that collects personal information to handle it safely. Anyone collecting personal information must:

• fairly and lawfully process it
• process it only for limited, specifically stated purposes
• use the information in a way that is adequate, relevant and not excessive
• use the information accurately
• keep the information on file no longer than absolutely necessary
• process the information in accordance with your legal rights
• keep the information secure
• never transfer the information outside the UK without adequate protection

All organisations collecting and using personal information are legally required to comply with these principles.

The law provides stronger protection for more sensitive information - such as your ethnic background, political opinions, religious beliefs, health, sexual life or any criminal history. It is enforced by an independent information commissioner, who can take action against any company or governmental body that fails to protect your information, or that abuses its right to collect and hold that information.

• Visit the Information Commissioner's Office website Opens new window

• Appealing against a decision made by the Information Commissioner

Finding out who knows what about you

The Data Protection Act gives you the right to find out what information about you the government and other organisations store. This is known as the 'right of subject access'. If you submit your request in writing, they are legally required to provide you with a copy of all the information they hold about you.

Some agencies or corporations may charge a fee for providing the information, but they are only allowed to charge up to £10 for digital information, or £50 for printed (i.e. non-electronic) medical records. Finding out what information about you credit reference agencies hold costs £2.

Stopping direct marketing

Some people resent the way companies and government agencies contact them directly by phone, post or even fax. You have the right to stop these direct marketing campaigns from using your personal information to contact you.

All you have to do is register your details with one of the 'preference services', which allow you to opt out of direct marketing altogether.

The links below offer more information about how you can opt out

• Mailing preference service Opens new window

• Telephone Preference Service Opens new window

• Fax preference service Opens new window

Useful contacts

• Government, citizens and rights contacts