The Data Protection Act of 1984 and 1998 were passed in the UK to protect personal privacy and regulate the use of personal data. The acts give individuals rights over their data and require organizations to only collect and process data fairly, securely and transparently. An Information Commissioner was established to enforce the acts and ensure compliance with data protection principles. The principles require data to be obtained lawfully, securely stored, accurate, and not excessive or kept longer than needed. Individuals have rights to access and correct their data.