Judge: web sites for health

December 28, 2007

The Data Protection Act covers the use of personal data, which is anything that could identify a living person. Any organisation collecting personal data through their Web site (or by other means) must obey this law. You must:

  • explain that you are obtaining personal data and what you are using it for:
    (a) if the data is ‘sensitive’, for example, information about ethnicity, health or disabilities, you must ask for permission first;
  • only use this data for the reason you give;
  • only ask for data that is relevant and necessary;
  • ensure that data is correct and up-to-date:
    (a) people can ask to see their data and correct it;
  • only keep data as long as it is necessary:
    (a) when it is no longer needed, or is out of date, it should be deleted;
  • abide by people’s rights;
  • keep data confidential and secure;
  • not transfer data outside the EU.

The Office of the Information Commissioner (http://www.informationcommissioner.gov.uk/) enforces the Data Protection Act.

This site provides a number of guides for people producing Web sites (http://www.informationcommissioner.gov.uk/eventual.aspx?id=87).

For example, see “Guidance for – Private Sector – Website FAQ”.
