Hi william,
The Data Protection Act requires that appropriate security measures are in place to safeguard against unauthorised or unlawful access/processing of personal data. It contains eight Data Protection Principles. These state that all data must be: Processed fairly and lawfully; Obtained & used only for specified and lawful purposes; Adequate, relevant and not excessive; Accurate, and where necessary, kept up to date; Kept for no longer than necessary; Processed in accordance with the individuals rights (as defined); Kept secure; Transferred only to countries that offer adequate data protection.
See here for the Health and Social Care Act (Regulated activities) Essential Standards:
http://www.cqc.org.uk/sites/default/files/media/documents/essential_standards_of_quality_and_safety_march_2010_final_0.pdfFor codes of practice see here:
http://www.gscc.org.uk/cmsFiles/CodesofPracticeforSocialCareWorkers.pdfWhat do these say about handling information?
Hope that helps
Aunty Sue