6.1 Data protection legislation

Organisations have always retained a certain amount of information about people in their manual filing systems – for example, records relating to employees, customers, students or hospital patients. This information could be misused – for example, being passed to others who have no right to such information, as with the unauthorised passing of a patient’s medical history to an insurance company that is considering insuring that individual’s life. However, such misuses were historically limited in their scope by the limitations of manual filing technologies; focused legal measures and codes of practice usually sufficed to protect such data.

The arrival of information technologies changed this completely. IT enables much more rapid searching and collating of data, and transmission of such data around the world. Concerns over such issues led to the enacting of data protection legislation – in the UK first in 1984, with later updates. Similar laws now pertain in many jurisdictions; all embody essentially the same principles.