#### 12 Retention and security of personal information 12 Retention and security of personal information > A public sector agency that holds personal information must ensure— > > > (a) that the information is kept for no longer than is necessary for the purposes for which the information may lawfully be used, and > > > (b) that the information is disposed of securely and in accordance with any requirements for the retention and disposal of personal information, and > > > (c) that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse, and > > > (d) that, if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or disclosure of the information.

Previous section11Other requirements relating to collection of personal information Next section13Information about personal information held by agencies

Section 12 - Privacy and Personal Information Protection Act 1998 - Retention and security of personal information — Zoe