Data Protection Act 1998

Guidance Notes

Data is information that is:

• Being processed by means of equipment operating automatically in response to instructions given for that purpose e.g. payroll system
• Recorded with the intention that it should be processed by means of such equipment e.g. CD ROM
• Recorded as part of a relevant filing system
• One of a number of records to which public access is allowed

Data Controller means the Council as the organisation who determines how data is processed. This is the person or legal entity that is liable if there is a breach of the Act.

Data Processor means any person, other than an employee of the Council, who processes data on behalf of the Data Controller e.g. someone contracted to the Council to print documents.

Data Subject is the individual about whom the data is held.

Personal Data means data about living individual who can be identified from that information. Sensitive Personal Data includes information surrounding the individual’s health, race, political opinion, etc.

Processing means obtaining, recording or holding information or data or carrying out any operation on the information or data.

The main duties of the Data Protection Officer are:

• Maintenance of the Council’s registration
• Development, updating and publication of data protection procedures for the Council
• Maintenance of the internal register of sources and disclosures and in association with Quality and Audit to audit procedures and practices
• Initial contact point

Data Protection Principles – These are the minimum standards of practice for any organisation with respect to the processing of personal data.

• Personnel data must be processed fairly and lawfully e.g. with the subject’s consent or because it is necessary to do so
• Data should be processed for one or more lawful purposes and not further processed for incompatible purposes
• Data shall be adequate, relevant and not excessive
• Data shall be accurate and where necessary kept up to date
• Data shall not be kept for longer than necessary
• Data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998
• Appropriate technical and organisational measures shall be taken to prevent unauthorised/unlawful processing of data or accidental loss of destruction of or damage to data
• Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for rights and freedoms of data subjects in relation to the processing of personal data

Data Controllers must ensure that there is a set of information about individuals, a structure by way of a common identifier e.g. employee number, specific information about an individual must be readily accessible.

Main Offences

The main offences under the Act revolve around processing without notification:

Failing to notify Commissioner of changes in your circumstances
• Failing to comply with written requests
• Failing to comply with enforcement notices
• Knowingly or recklessly making false statement in compliance with an information notice
• Intentional obstruction of, or failure to give reasonable assistance in, execution of a warrant
• It is also an offence for a person with the consent of the Data Controller, knowingly or recklessly to: obtain or disclose personal data or the information contained in personal data
• Unlawful selling of personal data
• Unlawful disclosure of information by commissioner/staff/agent

The Act applies to all systems irrespective of size or purpose of use. In criminal proceedings the defence will usually seek assurance that CCTV cameras were registered and used in accordance with the Data Protection Act.

If a member of the public wishes to view footage they must apply in writing stating the purpose of the request and specify the time, location they are interested in etc. Request for data incurs a fee of £10.00. The Data Controller must respond and provide a hard copy or slow down the recording of normal speed. Other subjects should be "blanked out".

Website Addresses:

• www.ico.gov.uk
• Copy of the Act available on www.hmso.gov.uk/acts/acts1998

Any problems or queries regarding data protection please call 01606 867767 or 01606 867604 or email info@northwichvision.org.