Data protection

The legal requirements for preserving the confidentiality of personal information about individual patients and other relevant persons and organizations (data subjects) vary from country to country. Nevertheless, the underlying principles are important and should be observed, whatever the legal requirements.

For example, the Data Protection Act 1998 for the UK implements the EU Data Protection Directive (95/46/EC). It contains data protection principles, a registration system, an independent supervisory authority to oversee data protection legislation, and the data subject's rights. It is supervised by the Information Commissioner. The Commissioner's introduction to the Act together with information and guidance is available on the Commissioner's homepage ( The Act itself can be found at The Act applies to both paper records and those held on computers. Clinical researchers and trial coordinators should therefore observe the principles of data protection, whatever the form in which the data are stored, and comply with the law of their own country.

The eight principles of data protection as set out in the 1998 Act are based upon the provisions of the Council of Europe Convention on Data Protection. They are general in nature and form a suitable basis on which to formulate common-sense rules. They apply to all personal data. Personal data are defined as data that relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.
