Judge: web sites for health
The Data Protection Act covers the use of personal data, which is anything that could identify a living person. Any organisation collecting personal data through their Web site (or by other means) must obey this law. You must:
- explain that you are obtaining personal data and what you are using it for:
(a) if the data is ‘sensitive’, for example, information about ethnicity, health or disabilities, you must ask for permission first;
- only use this data for the reason you give;
- only ask for data that is relevant and necessary;
- ensure that data is correct and up-to-date:
(a) people can ask to see their data and correct it;
- only keep data as long as it is necessary:
(a) when it is no longer needed, or is out of date, it should be deleted;
- abide by people’s rights;
- keep data confidential and secure;
- not transfer data outside the EU.
The Office of the Information Commissioner (http://www.informationcommissioner.gov.uk/) enforces the Data Protection Act.
This site provides a number of guides for people producing Web sites (http://www.informationcommissioner.gov.uk/eventual.aspx?id=87).
For example, see “Guidance for – Private Sector – Website FAQ”.