Content
-
Reasons for/History of Data Protection
-
Definitions
-
Data Protection Principles
-
Rights of Data subjects
-
Data subject Access Request
What is Data Protection?
Acts
The Information Commissioner
-
Initially the Data Protection Registrar
-
Subsequently the Data Protection Commissioner
-
Now the Information Commissioner
-
Registration Role
-
Enforcement Role
Data Subject
-
An individual who is the subject of Personal Data.
-
Only natural persons, not companies.
-
Must be a living individual.
Personal Data
Data which relate to a living individual who can be identified:
-
from those data; OR
-
from those data and other information which is in the possession of, or is likely to come into the possession of, the Council
-
AND includes any expression of opinion about the individual and any indication of the intentions of the Council or any other person in respect of the individual.
Information which
-
is being processed by means of equipment operating automatically in response to instructions given for that purpose OR
-
is recorded with the intention that it should be processed automatically OR
-
is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system OR
-
does not fall within the above but forms part of an accessible record (Health, Education or "accessible public records")
"In practice, virtually any reference to an identifiable living individual may constitute personal data".
Eight categories of Sensitive Personal Data
-
The racial or ethnic origin of the data subject;
-
His political opinions;
-
His religious beliefs or other beliefs of a similar nature;
-
Whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992);
-
His physical or mental health or condition;
-
His sexual life;
-
The commission or alleged commission by him of any offence; or
-
Any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
Eight data protection principles
-
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:
-
at least one of the conditions in Schedule 2 of the DPA is met, and
-
in the case of sensitive personal data, at least one of the conditions in Schedule 3 of the DPA is also met.
-
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
-
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
-
Personal data shall be accurate and, where necessary, kept up to date.
-
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
-
Personal data shall be processed in accordance with the rights of data subjects under the DPA.
-
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
-
Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Rights of Data Subjects
-
To be informed whether any personal data are being processed by the Council and, if so, what they are, the purposes and to whom data may be disclosed;
-
To be informed of any potential decision based solely on automatic processing;
-
To be provided with the data (in an intelligible form) and details of where they were sourced from.
Data Subject Access Request
Third Party Data
- File on data subject could contain information on others.
- Potential conflict between data subject's right of access and third party's right to privacy.
- Can third party information be removed?
- Will third party consent to disclosure?
- If no consent is it still reasonable to disclose?
- Is there a duty of confidentiality to the third party?
- Some statutory exemptions.
Exemptions from Disclosure
-
Prevention/detection of crime.
-
Apprehension/prosecution of offenders.
-
Assessment/collection of tax/duty.
-
Processing for the discharge of statutory functions.
-
Assessment of risk in relation to the tax/duty & crime exemptions above.
-
Data relating to Health, Education & Social Work where the Secretary of State has made orders.
-
Discharge of regulatory functions.
-
References given (but not those received).
-
Management forecasting/planning.
-
Records of the Council's intentions in relation to negotiations with the data subject.
-
Information recorded by exam candidates.
-
Legal professional privilege.
Further Data Subject Rights
-
To have inaccurate data corrected or deleted;
-
To prevent processing likely to cause damage or distress;
-
To prevent processing for purposes of direct marketing;
-
To prevent automated decision taking.
Further Information
- Information Commissioner's web site:
Contact -
Data Protection Officer
Cleveland Fire Brigade HQ
Endeavour House
Stockton Road
Hartlepool
TS25 5TB
Phone - 01429 - 872311
