The six data protection principles

Samvel Gevorgyan
I cover cybercrime, privacy and security in digital form.

Protecting sensitive data is the end goal of almost all IT security measures. Two strong arguments for protecting sensitive data are to avoid identity theft and to protect privacy.

SEE ALSO: Facebook loses control of over 50 million users data

The more valuable the information in your database, the more likely it is to be targeted. If your records include sensitive or financial information that could facilitate fraud, your database will be more appealing to hackers who can use or sell this information for financial gain.

Why should we care about personal data?

Any information which can identify a living person and can be accessed or processed is personal data. Examples of personal data includes names, phone numbers, addresses, identity card numbers, photos, medical records, employment records and credit reports. Persons who control the collection, holding, processing or use of the data, known as data users should follow these six data protection principles to protect the rights of any individuals, known as data subjects.

The six data protection principles cover the life cycle of a piece of personal data from collection, retention, use to destruction.

Collection purpose and means

Accuracy and retention

Data use

Security and data destruction


Data access and correction


If the data user contravenes these six data protection principles the Privacy Commisioner may serve an Enforcement Notice on it directing it to remedy the contravention.

None-compliance with the Enforcement Notice is an offence. An individual who suffers damage by reason of a contravention of the Ordinance may seek compensation from the data user concerned through civil proceedings.

Personal information is like money. Value it. Protect it.

Share this article

Comments ()

Recommended articles

Instant notifications

Subscribe to our Telegram channel to instantly receieve the latest cybersecurity news, resources and analysis.