1. Justify the purpose(s) - Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian
2. Do not use personal data unless it is absolutely necessary - Personal confidential data items should not be included unless it is essential for the specified purposes for that flow
3. Use the minimum necessary personal confidential data - Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out
4. Access to personal confidential data should be on a strict need to know basis - Only those individuals who need access to personal confidential data should have access to it, an d they should only have access to the data items that they need to see.
5. Everyone with access to personal confidential data should be aware of their responsibilities
6. Comply with the law
7. The duty to share information can be as important as the duty to protect patient confidentiality - Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles.
