Information Privacy Principles

This act applies to all organisations that process data relating to their staff and customers. It is the main legal framework in UK that protects personal data. The act contains 8 data protection principles which are:

We also need a more secure software to keep those who are not authorized from accessing the system. One of the ways we can achieve this is by making sure the software that we have is only accessible by the staff from audit department and not our normal hospital employees (Loshin, 2011). The software also needs to be designed that once the data has been retrieved for an audit, it can no longer be changed unless it is approved through the chain of command.

Protects records that can be retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual is entitled to access to his or her records and to request correction of these records if applicable.

The data protection act- the data protection act is legislation put in place to keep personal data confidential. It can promote anti-discriminatory practice as it can stop people finding out information about individuals that the individual wants to stay private. E.g. phone numbers and addresses. These would need to stay private so people don’t find out where you live or what is wrong with you.

Data Protection Act 1998 – gives individuals the right to know what information is held about them, and those that processes personal information must comply with eight principles, which makes sure that personal information is fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate and up to date; not kept for longer than is necessary; processed in line with your rights; secure; not transferred to other countries without adequate protection;

2 The Privacy Act 1988 (Commonwealth) is the law that explains the professional, ethical obligations related to privacy and confidentiality,

The Data Protection Act 1998 defines UK law on the processing of data on identifiable living people. The act contains eight principles, which all organisations processing personal information must conform to, these are:

"There is no explicit mention of privacy in the United States Constitution. But the courts have found a constitutional basis for privacy rights in the broad sense of freedom from interference in certain intimate realms of personal life. This is based on the protection of individual liberty from government interference in the Fourth, Fifth and Fourteenth amendments to the Constitution. 3 The First Amendment protection of the freedoms of speech, assembly, religious practice, and so on, could also be seen as privacy protection in this sense. On the other hand, the right to free speech could be used to defend someone who invaded the privacy of others by publishing or disclosing their personal information.

Privacy is defined and interpreted differently depending on the person or persons involved. The one thing that is agreed upon is that privacy in all forms is a right and shall receive equal protection for all people under the laws of the constitution. This includes the right to our personal affairs to be let alone, financials, medical records, opinions, privacy of worship, privacy in our homes and intimate interactions. However right to privacy extends far beyond our personal lives and information being left alone and out of the public eye. In the past privacy was not something that was thought of so

Write down the 8 principles of practice covering confidentiality from the Data Protection Act 1998.

TFair Information Practice Principles (FIPPs), are a set of internationally recognized practices for addressing privacy of information. (Nelson & Staggers, 2014) Typical FIPPS include, individual access, correction, openness and transparency, individual choice, collection, use, and disclosure limitation, data quality and integrity, safeguards, and accountability. FIPPs, provides a framework for privacy laws and also can form the foundation for an organization or an industry’s privacy policy. That being said, this other Act’s such as, HIPPA do not formally incorporate FIPPs in the legislation, it implements all FIPPs in some way.

152), private information is managed through five guiding principles. The first of these principles is that people believe they own and have a right to control their private information, i.e. information about them is confidential and secure. For example, if one furtively struggles with a tangible or cognitive disorder, is solely the responsibility of the owner to share or disclose the nature and/or particulars of the disorder. Second, private information is controlled through the use of personal privacy rules.

The proposed product is to create a payroll system. The system will allow the employer to add and delete employee profile as well as updating other information. An employee record would contain the following details but is not limited to employee name, date of birth, address, contact numbers, national insurance number, emergency contact details, medical issues, working hours, hourly rate and exemption reasons (such as sick leave, maternity leave, annual holiday). These details are confidential and some are sensitive (e.g. known disability). Therefore the employee record must be protected according to legal legislations such as Data Protection Act (1998) and Disability Discrimination Act (1995)

Confidentiality of Information - All Users shall ensure that data are accessed only on a "Need to Know" basis, and any use of personal data will be consistent with the Federal 's legal requirements on personal privacy.

Individual Participation Principle: This gave individual rights on how his or her information is stored, used, shared, changed and ultimately, if they wished, forgotten. (OECD, 2013).