Summarise the main points of legal requirements and codes of practice for handling information in care settings

Qualification: Level 3 Diploma in Adult Care
Unit name: Handle information in care settings
Learning outcome: 1. Understand requirements for handling information in care settings
Assessment criteria: 1.2 Summarise the main points of legal requirements and codes of practice for handling information in care settings

In the previous section, we had a quick look at some of the legislation and codes of practice related to handling information in care settings. In this section, we will look at them in a bit more detail.


Data Protection Act 2018 and General Data Protection Regulations 2018

The Data Protection Act (DPA) 2018 sets out the law that organisations must follow when handling the personal information of individuals. The General Data Protection Regulations (GDPR) 2018 complements the DPA and brings data protection in line with European Union law. There are eight principles that must be followed:

  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose(s).
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
  4. Personal data shall be accurate and where necessary kept up to date.
  5. Personal data processed for any purpose(s) shall not be kept longer than is necessary for that purpose.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Freedom of Information Act 2000

This Act allows individuals to request information from public bodies such as the NHS, local authorities and government departments. Public bodies must respond with the information requested or a good reason as to why the information cannot be shared. This aims to ensure accountability and transparency relating to how taxpayers' money is spent.


Common-Law Duty of Confidentiality

Whilst some laws are created by parliament, other laws are applied by referencing previous cases and using them as precedents for future legal decisions.

The duty of confidentiality is an example of this type of ‘case law’ and states that confidentiality should be upheld wherever it can reasonably be expected to apply, such as when an individual shares personal information with health and care services.


Personal information can then only be shared legally where the individual has consented or if it is required to safeguard the individual or comply with the law.
