Data protection

Data protection

What is Data Protection?

Local Government holds vast amounts of personal information about residents, local businesses and voluntary organisations. A great deal of this is collected for very specific purposes and the way that information is held and stored is regulated by the Data Protection Act 1998.

The Act was introduced to ensure that information held about people, both in manual filing systems and on computer, is used fairly and responsibly. It applies to living individuals, referred to in the Act as 'Data Subjects'. The Act does not apply to information that is not personal i.e. information about property or the environment, however this information can have "personal" aspects to it.

The Act safeguards information that people give about themselves and ensures that it is compatible with the purpose for which it was initially collected. It gives people confidence that information will be kept securely and not passed on indiscriminately so that they end up receiving lots of junk mail about services they don't want.

The Act also allows individuals to request the Council to rectify, block, erase or destroy personal details if they are inaccurate or contain expressions of opinion which are based on inaccurate data.

Subject Access Request (SAR)

Individuals also have the right to request a copy of the data or information that is kept about them. This is known as a Subject Access Request (SAR).
To make a SAR, you need to contact the Council's Data Protection Officer for further details at

The Data Protection Act 1998 - The Eight Principles

The Act has eight principles which all data controllers must abide by when dealing with any personal data:

Data Protection - The Eight Principles
1. Personal data must be obtained and processed fairly and lawfully.
2. Data shall only be obtained for one or more specified and lawful purposes, and shall not be further processed.
3. Data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.
4. Data must be accurate and where necessary kept up to date.
5. Data should only be held for as long as necessary.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects.

Information Commissioner

The Information Commissioner's Office (ICO) is the UK's independent authority set up to promote access to official information and protect personal information by promoting good practice, ruling on eligible complaints, providing information to individuals and organisations, and taking appropriate action when the law is broken. However it is important to note that the Commissioner will only consider complaints when the complainant has exhausted the complaints route of the organisation that they have requested information from. In this case any dissatisfaction with the outcome of an information or SAR request must be submitted in writing using the Council's complaints procedure and only when this has finished can a complaint or appeal be lodged with the Commissioners office.

For more information on the work of the Information Commissioner:

Tel: 08456 30 60 60, 01625 54 57 45
The Information Commissioner's Office
Wycliffe House
Water Lane

Information Commissioner's Office

Information Tribunals Service

Once any complaints or issues have been resolved by the Information Commissioner their decisions can be appealed and these are heard by the Information Tribunals Service.

Information Tribunals Service