Which principle is NOT among the eight principles under the Data Protection Act 1998?

The question checks whether you recall the eight principles that the Data Protection Act 1998 sets out for handling personal data. Those principles cover fairness and lawfulness of processing, processing for specified and legitimate purposes, ensuring data is adequate and not excessive, keeping data accurate and up to date, retaining data only for as long as necessary, processing in line with individuals’ rights, securing data against loss or damage, and not transferring data to countries without adequate protection. Encrypting data at rest is not listed as one of these eight principles. It’s a good security practice that helps meet the general security obligation, but the Act’s principles name specific duties, and encryption is not one of them. The other statements reflect actual principles: data should be processed fairly and lawfully, for limited purposes, and not kept longer than necessary.