Data Protection

Data Protection Act 1998

The Data Protection Act 1998 provides individuals with a right of access to information that may be held about themselves. This is called subject access. It is a qualified right of access, which does not extend to certain types of information including that which might identify other individuals whose data is held under a duty of confidence.

The Act places a legal responsibility on Cleveland Fire Brigade to ensure that data collected and processed receives the highest level of protection. The Act also provides individuals who are the subject of personal data (data subjects) with certain rights to ensure that data held is accurate and up to date.

Subject access request

The Subject Access provisions of the Data Protection Act give an individual the right to have a copy of any personal data held about them. Section 7 of the Data Protection Act 1998 states that a ‘data subject’ (the person about whom the personal data refers) is entitled, upon written request, to be informed whether or not personal data is held or processed about them.

If you wish to make a subject access request to find out what information is held about you, you can apply here by completing and returning the Subject Access Form.  You will need to read the Subject Access Guidance that accompany this form and send it to the contact details set out below.

Cleveland Fire Brigade is under a statutory duty to comply with your request within 40 calendar days.

A £10 statutory fee will apply to all Subject Access Requests

Please write to:

Data Protection Officer
ICT Department
Cleveland Fire Brigade Headquarters
Endeavour House
Stockton Road
TS25 5TB


National Fraud Initiative

The Audit Commission

Cleveland Fire Authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds to prevent and detect fraud.

The Audit Commission appoints the auditor to audit the accounts of Cleveland Fire Authority. It is also responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one organisation against other computer records held by the same or another organisation to see how far they match. This usually involves personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether fraud has taken place, there is some kind of error or there is another explanation for the discrepancy until an investigation is carried out.

The Audit Commission currently requires the Authority to participate in a data matching exercise to assist in the prevention and detection of fraud. The Authority has been asked to provide particular sets of data to the Audit Commission for matching for each exercise. These are set out in the Audit Commission’s guidance, which can be found at

The use of data by the Audit Commission in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.

Data matching by the Audit Commission is subject to a code of practice. This may be found at

For further information on the Audit Commission’s legal powers and the reasons why it matches particular information: