Currently, the United Kingdom's Data Protection Act governs how personal information is processed and used by organisations and the government. The Data Protection Act is especially relevant to businesses that rely on IT software to store data and information.
Enacted in 1998, the Data Protection Act sought to improve data privacy standards and enable citizens to access and control their personal information. With the exception of national security or criminal concerns, all organisations that store any "identifiable" information, such as names, addresses, or emails, must follow the Data Protection Act and pursue the necessary measures to protect the data and security of users. According to the government's website, there are stronger legal protective measures and repercussions associated with more sensitive information, such as ethnicity, political beliefs, and health.