Click here to skip all navigation and jump to the content|Breckland Council Stag Logo with the text "A better place, a brighter future" in green italics
Welcome to Breckland Council
Line drawing for Breckland Council area location, the south-east corner of the UK with our stag logo situated below right of The Wash in Norfolk

Data protection

' '

INTRODUCTION

The Data Protection Act grew out of public concern about personal privacy as a direct result of the rapidly developing information technology industry. Much of the information collected, stored, processed and distributed is about living individuals.
Whenever personal data is collected and used, people’s lives can be adversely affected if something goes wrong. For example, if details are not entered correctly individuals can be unjustly refused credit, benefits, housing, or even a job. If data is not kept securely, an individual’s privacy can be affected. It is vital that those who collect and use personal data maintain the confidence of those who are asked to provide it by complying with the requirements of the Data Protection Act.

The Data Protection Act 1998 came into force on 1st March, 2000, it sets rules for processing personal information and applies to some paper records as well as those held on computers. We have a data protection policy available to download.

The data protection act in practice

The Data Protection Act applies to “personal data” that is, data about identifiable living individuals. For the Council (Data Controller) the Act places obligations on those employees who obtain, record or hold the personal data. They must be open about the use (by registering on the data protection register) and follow sound and proper practices governed by the data protection principles and the other requirements of the Data Protection Act.

The rules of good information handling

The principles

When processing personal data the Council must comply with the eight enforceable principles of good practice laid down by the Act, which states that data must be:

  1. fairly and lawfully processed
  2. processed for limited purposes and be in no way incompatible with those purposes
  3. adequate, relevant and not excessive
  4. accurate
  5. not kept for longer than is necessary
  6. processed in line with the data subject’s rights
  7. secure
  8. not transferred to countries without adequate protection.

Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the Council towards the individual.

Processing personal data

Processing” is broadly defined and takes place when any operation or set of operations is carried out on personal data. The Act requires that personal data be processed fairly and lawfully. Personal data will not be considered to be processed fairly unless certain conditions are met.

A data subject, who is an individual and the subject of personal data, must be told the identity of the Data Controller and why that information is or is to be processed.

Processing may only be carried out where one of the following conditions has been met:

  • the individual has given his or her consent to the processing
  • the processing is necessary to carry out a contract with the individual
  • the processing is required under a legal obligation
  • the processing is necessary to protect the vital interests of the individual
  • the processing is necessary to carry out public functions
  • the processing is necessary in order to pursue the legitimate interests of the data controller or third parties (unless it could prejudice the interests of the individual).

Processing sensitive data

Sensitive data includes: racial or ethnic origin; political opinions; religious or other beliefs; trade union membership; health; sex life; criminal proceedings or convictions. Because of its sensitive nature, the Data Protection Act makes specific provision for sensitive personal data.

Sensitive data can only be processed under strict conditions, which include:

  • having the explicit consent of the individual
  • being required by law to process the data for employment purposes
  • needing to process the information in order to protect the vital interests of the data subject or another
  • dealing with the administration of justice or legal proceedings.

Paper files

The Data Protection Act covers information which is recorded as part of a “relevant filing system”, that is, a set of information in which the records are structured, either by reference to individuals or by reference to criteria relating to individuals, so that ‘specific information relating to a particular individual is readily accessible’. The definition means a significant amount of manual data falls under the scope of the Data Protection Act, as does the extension of the definition of data to cover ‘accessible records’. Accessible records are broadly: school pupil, housing, social services and health records to which access was previously available under other legislation.

The rights of individuals

The right of subject access

The Data Protection Act allows individuals to find out what information is held by the Council about themselves on computer and some paper records. This is known as "the right of subject access". The Council has a standard Subject Access Request Form that can be obtained from the Council’s Data Protection Officer or Human Resources. To ensure a proper response, all requests must be dealt with through the Data Protection Officer. A charge of £10 may be made for the information required.

The right of rectification, blocking, erasure and destruction

The Data Protection Act allows individuals to apply to the Court to order a data controller to rectify, block, erase or destroy personal details if they are inaccurate or contain expressions of opinion which are based on inaccurate data.

The right to prevent processing

A data subject can ask a data controller to stop or request that they do not begin processing data relating to him or her where it is causing, or is likely to cause, substantial unwarranted damage or substantial distress to themselves or anyone else.
However, this right is not available in all cases and data controllers do not always have to comply with the request.

The right to compensation

A data subject can claim compensation from a data controller for damage or damage and distress caused by any breach of the Data Protection Act.
Compensation for distress alone can only be claimed in limited circumstances.

How to contact the Commissioners Office

Further information about compliance with the Data Protection Act can be obtained from:

The Information Commissioners Office
Wycliffe House
Water Lane
WILMSLOW
Cheshire
SK9 5AF

Telephone
01625 545745

website
www.ico.gov.uk