All businesses are currently subject to the requirements of the Data Protection Act 1998 (DPA). Under the DPA, businesses and their staff are responsible for the security, compliance and governance of their data. The role of the individual is very important in meeting these requirements. The DPA is based around eight principles of good information handling. These give people specific rights in relation to their personal information and place certain obligations on those organisations that are responsible for processing it. An overview of the main provisions of DPA can be found in the Guide to data protection on the Information Commissioner’s Office website.