The Data Protection Act 1998 sets standards for holding, obtaining, recording,
using or sharing of personal data.
Personal data is information from which an individual can be identified e.g.
name, address, date of birth, NHS number, postcode, etc.
Sensitive personal data includes: health information, religious beliefs, ethnic
background and trade union membership.
The Data Protection Act covers all information that relates to living individuals,
including patients and staff, in both manual and electronic information form.
The Data Protection Act is set out in eight principles, which are explained further
on the Information Governance intranet pages.