The Data Protection Act 1998 sets out legally binding principles for the good handling of personal information about living individuals.
Our policy sets out the standards all Council services must keep to. Each service head must make sure they use personal information lawfully.
We need to collect and use information about the people we deal with to provide our services, including members of the public, clients and customers, current, past and prospective employees and suppliers.
We are also legally required to collect and use information for laws regulating council tax and electoral registration. This personal information must be collected, used and disposed of properly and securely - whether it's on paper, in a computer, or recorded on other material.
Data Protection Act requirements
The Data Protection Act 1998 requires personal information to be:
1. Processed fairly and lawfully and not processed unless specific conditions are met.
2. Obtained only for one or more specified and lawful purposes, and not further processed in any manner incompatible with that purpose.
3. Adequate, relevant and not excessive in relation to the purpose for which it's processed.
4. Accurate and, where necessary, kept up to date.
5. Not kept for longer than is necessary.
6. Processed in accordance with the rights of data subjects under the Act.
7. Protected against unauthorised or unlawful processing, accidental loss, destruction or damage by the use of technical and organisational measures.
Our data protection commitment
We are committed to:
Observing conditions regarding the collection and use of information.
Specifying the purposes for which the information is used.
Collecting and processing information only to the extent needed to fulfil operational/service needs or to keep to legal requirements.
Ensuring the quality of information used.
Determining the length of time information is held.
Ensuring people's rights can be fully exercised under the Act. These include the right to:
be informed that processing is being undertaken
have access to one's personal information
prevent processing in certain circumstances
correct, block or erase information which is regarded as wrong information
Taking appropriate technical and organisational security measures to safeguard personal information.
Ensuring that personal information is not transferred abroad without safeguards.
We ensure that:
The Information Rights Officer takes responsibility for data protection in the organisation.
Staff managing and handling personal information are appropriately trained and supervised.
Queries about handling personal information are promptly dealt with.
Methods of handling personal information are regularly assessed and evaluated.
Performance in handling personal information is regularly assessed and evaluated.
For more information, please contact the Information Rights Officer or visit the Information Commissioner's website.