The Data Protection Act regulates the way in which personal information about individuals, whether held on a computer or in a manual filing system, is obtained, stored, used and disclosed.
It grants rights to individuals to see the data stored about them and to require modification of the data if it is wrong. We are registered with the Information Commissioner for the purposes of the Act.
The Data Protection Act 1998 contains 8 governing Principles relating to the collection, use, processing and disclosure of data, and the rights of data subjects to have access to personal data concerning themselves.
These Principles ensure that all data shall:
The Council will hold the minimum personal data necessary to enable it to perform its functions. The data will be erased once the need to hold it has passed. Every effort will be made to ensure that data is accurate and up-to-date, and that inaccuracies are corrected quickly. Details of what the Council does with personal data it holds is contained in its Personal Information Policy which is accessible on each page on the Council’s website in paper format
The Council will normally provide any individual who requests it, in a specified manner, a reply stating whether or not the Council holds personal data about that individual for which a fee is payable.
To enable the Council to comply with your request to see your personal information, make a subject access request.
Disclosures of information must be in accordance with the provisions of the Act and the Council’s registration/notification. Where the Council has a duty to disclose certain data to public authorities (such as Inland Revenue, Customs and Excise, Benefits Agency), this will be done in accordance with statutory and other requirements.
Legal and internal rules limit disclosure within the authority either to council officers or elected members. When a request for information is made, the minimum of personal data will be made available on a need to know basis.
The Council intends that personal data must be treated as confidential. All staff must comply with the Council’s Data Protection Policy, Confidentiality & Information Security and all new staff must sign a confidentiality agreement.
It is the aim of the Council that all staff are fully informed of their obligations under the Data Protection Acts and aware of their personal liabilities, and where appropriate training is given.
Disciplinary action may be taken against any employee who breaches the Data Protection Act principles.
Day to day responsibility for administration and compliance with the Act is delegated to departmental Information Managers.
All Officers and Members (Councillors) have a duty to observe the Principles of the Act and the procedures referred to in this document.
Councillors are data controllers when they process personal data either manually or by computer, whether on their own equipment or on equipment provided to them by their local authority. Just as any other individual holding and processing personal information about others, Councillors need to comply with the Data Protection Act, and need be individually registered with the Information Commissioner.
However, where holding and processing personal data about individuals in the course of undertaking council business, the elected member will be covered by the authority’s notification and have the same responsibilities in respect of data protection as an employee of the authority.
Updated: 19 April 2017