Data Protection Act
WHAT IS THE DATA PROTECTION ACT?
The Data Protection Act 1998 gives all individuals a general right of access to the personal data which is held about them either on computer, or in a relevant manual filing system. These rights are known as "subject access rights".
The Act requires that we comply with the rules of good information handling practice which are commonly known as the 8 Data Protection Principles. Click here for futher information on the 8 Data Protection Principles.
The Act works in two ways.
Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records. These rights are known as "subject access rights".
EXTERNAL WEBSITES
- The Information Commissioner's Office is the UK's independent authority set up to promote access to official information and to protect personal information.
- The Data Protection Act can be viewed at the Office for Public Sector Information website.
Further information can be found via the links below
Frequently Asked Questions (7)
Providing the information you have requested is not covered by one the exemptions under the Act, we will provide it to you.
If we are unable to release the information for some reason, we will contact you to advise you of this as soon as possible. If this is the case we will also provide you with a full explanation of why you cannot access the data:
Click here for the Details of Exemptions.
Click here for advice on How to make a request
The Council may charge a fee of up to £10
You will have to pay a fee (if charged) for every request, so you will need to specify all the information you need in your first letter, otherwise you may have to pay another fee to get information that you have asked for on a different occasion.
You must write to the Council stating which information is incorrect and why, and ask for it to be corrected.
The Council must then tell you whether or not it has complied with your request within 21 days. If you are unhappy with the outcome of this you may then complain to the Council in writing and a review of the case will be undertaken by the Information Management Officer. You will be contacted with 15 days with the outcome of this review.
If you still feel the outcome of this is unsatisfactory, a complaint can be logged with the Information Commissioner.
Under Data Protection law there remain some exemptions, this information may be held by the Council but not released to the data subject even when a request has been made. See Exemptions
'Personal information' is information about a living person that can identify that individual. Information about deceased individuals is not covered under the Data Protection Act'
You are entitled to be told if any personal information is held about you and if it is, to be given:
- A copy of the information in permanent form
- An explanation of any technical or complicated terms
- Any information the Council has about where they got your information from
- A description of the information, the purposes for processing the information; and
who the Council is sharing the information with - The logic involved in any automated decisions (if you have specifically asked for this)
Last updated: Tue 12th February, 2013 @ 09:21
