Introduction
Cheshire County Council Data Protection Policy
Data Protection
Data protection is about protecting everyone's privacy - protecting personal information from improper use. Public and private organisations now have the ability to collect and manipulate personal information on a scale and in ways which would have been unthinkable at the beginning of the last century, and the ordinary citizen requires some guarantee that information which he or she gives in good faith will not be misused. The measures in force to prevent abuse are set out in the Data Protection Act 1998.
The Council has responsibilities under the Act for personal information which it collects and uses about customers, clients, contractors, staff, pupils and parents - in fact everyone with whom the Council has dealings. The authority has put in place a number of measures to ensure that it is compliant.
The Data Protection Act 1998 is designed to protect personal data from any improper use. Personal data is defined as data which relates to a living individual who can be identified from that data or from that data in combination with other information which is held by the data controller - in our case the Council. It can include data in any medium, from formal reports to emails, CCTV images and photographs.
Unlike the old 1984 Act, which covered only electronic records held in computer systems, the 1998 Act, since October 2001, also extends to manual, paper records held in "relevant filing systems": essentially, any manual system from which information relating to a named individual can be easily retrieved - for example, an alphabetical series of files, or an indexed register.
The Act sets out the eight data protection principles which should underpin all our handling of personal data, and then has two main parts. The first is a duty for every authority which processes personal data to notify the Information Commissioner (formerly known as the Data Protection Registrar), who is responsible for enforcing the Act, of all the purposes for which it does so.
The second part is the right of access to personal data. Anyone whose personal data is held and processed by the Council has the right to know what that data comprises and why it is processed. This covers members of staff as well as everyone else with whom the Council has dealings.
The Council, which is a data controller, collects and processes huge amounts of such data, about staff, social service clients, school pupils, library members, suppliers, contractors - in fact, almost everyone with whom the authority has dealings. So we are ALL affected and need to be aware of our rights as data subjects and our responsibilities in processing personal data.
The Act requires that all personal data must be processed in accordance with 8 principles: they are that all data
- shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;
- shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
- shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
- shall be accurate and, where necessary, kept up to date;
- shall not be kept for longer than is necessary for that purpose or those purposes;
- shall be processed in accordance with the rights of data subjects under the Act; and that:
- appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
- personal information shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Some personal data is defined as “sensitive personal data” and is subject to special rules. Sensitive personal data is defined as data relating to a person's:
- racial or ethnic origin;
- political opinions;
- religious beliefs or other beliefs of a similar nature;
- whether he is a member of a trade union;
- physical or mental health or condition;
- sexual life;
- the commission or alleged commission of any offence;
- any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings and the sentence of court in such proceedings.
Notification is the process of informing the office of the Information Commissioner of the purposes for which the Data Controller - the Council - gathers and processes personal data. Under the 1984 Data Protection Act this process was called registration. The terms of the notification are very broad; we do not have to inform the Information Commissioner about every new database or file series which includes personal data. The notification also sets out the sources of the personal information and the potential recipients of it. The details of the Council's notification are available on the online Data Protection Public Register.
The data subject - the person about whom we hold information - has a number of rights (subject to some exemptions and other legislative constraints). These are:
- Subject access: the right to be informed whether the Data Controller (the Council or an agent working on its behalf) is processing personal data about him or her; if so, the right to a copy of that data, the purposes for which it is being processed and details of all those who have access to it.
- To block processing: the right to prevent processing if it is likely to cause unwarranted substantial damage or distress to the data subject or another.
- To block processing for direct marketing: the right to prevent processing for direct marketing.
- To restrict automated processing: the right to ensure that no significant decision affecting the data subject is taken solely on the basis of automatic processing of personal data.
- Compensation: the right to compensation from the Data Controller for any damage or distress caused by contravention of the Act.
- Rectification, blocking, erasure and destruction: the right to require the Data Controller to correct, block, erase or destroy personal data.