Working in England has brought the DPA (Data Protection Act) set of protection principles into focus for me. The Isle of Man Government has a nice tidy introduction site:

Personal data must be
1. Used fairly and lawfully
2. Used for specific and lawful purposes, in a manner that is compatible with those purposes
3. Adequate, relevant and not excessive
4. Accurate and where necessary kept up to date
5. Kept for no longer than necessary
6. Used in accordance with the rights of individuals under the Act
7. Kept secure to avoid unauthorised or unlawful use, accidental loss, or damage

At first glance 1 and 2 seem to overlap, and 2 and 3 seem to overlap…wonder how they came to just seven.