This legislation puts into effect the UK European Directive 95/46/EC on the processing of personal data, whether paper or computer records. The Act is based on eight principles, the first of which stipulates that ‘personal data shall be processed fairly and lawfully’. Therefore safeguards are mandatory to preserve confidentiality when using data obtained from patients for research work, especially EPIDEMIOLOGICAL studies. Health authorities, hospitals and primary care trusts in the NHS have appointed CALDICOTT GUARDIANs, named after a review of information that identifies patients. A prime responsibility of a guardian is to supervise local protocols for the protection and use of identifiable information obtained from patients. Consequently, researchers have to ensure that data are fully anonymised whenever possible. There is also, in the UK, a Common Law right to privacy and other legislation requires researchers to seek support from the Department of Health to override that right, which is granted only after rigorous conditions have been met to prevent any leakage of confidential information. (See ETHICS.)