Personal Data Protection in Online Services: Learning from the Mistakes of Others

The Data Protection Act 1998 (the DPA) is based around eight principles of ‘good information handling’. These give people specific rights in relation to their personal information and place certain obligations on those organisations that are responsible for processing it.

This report relates to the seventh data protection principle and is intended to inform organisations about appropriate measures to safeguard personal data being processed by their computer systems. It is particularly relevant to organisations operating in an online environment.