About the Data Protection Act 1998 and how it applies to accessing personal records.
The Data Protection Act 1998 defines the law on the processing of data on identifiable living people (personal data). It sets rules for processing personal information. This includes information held in paper files as well as that held electronically.
All private companies and public organisations are legally obliged to comply with the Act.
The rules of good information handling – the principles
The Act defines eight data protection principles. They say that personal data must be:
- fairly and lawfully processed
- only used for the specific purposes for which it was collected
- adequate, relevant and not excessive
- accurate and kept up to date
- not kept for longer than necessary
- processed in line with the data subject’s rights
- held securely
- not transferred to other countries without adequate protection.
Personal data covers both facts and opinions about the individual; it also includes information regarding the intentions of the holder of the information towards the individual.
Some particular types of information about the individual require special treatment within the Data Protection Act, and are known as ‘sensitive data.’ This includes information relating to:
- racial or ethnic origin
- political opinions religious or other beliefs
- trade union membership
- sex life
- criminal proceedings or convictions.
The Data Protection Act makes specific provision for the collection and processing of 'sensitive data'. To process it you must:
- have the explicit consent of the individual (written consent obtained when the information is collected) or,
- required by law to process the data for employment purposes
- needing to process the information in order to protect the vital interests of the data subject
- dealing with the administration of justice or legal proceedings.
The Data Protection Act gives rights to individuals in respect of personal data that the Council holds about them. These are:
- to ask the Council if it holds personal information about you
- to ask what it uses the information for
- to be given a copy of the information
- to be given details about the purposes for which the Council uses the information and of other organisations or persons to whom it was disclosed
- to ask for incorrect data to be corrected
- to ask the Council not to use personal information about you for direct marketing
- to ask the Council not to make decisions about you based solely on the automatic processing of data
- to compensation for damage or distress should these be caused by the Council’s failure to comply with certain requirements of the Act.
Subject Access Requests
If you wish to receive a copy of the information that the Council holds about you please download and complete this form:
Return it to the Information Officer (at the address below) together with the identity documents detailed on the form, and a £10 cheque for the administration fee to:
Reigate & Banstead BC
Town Hall, Castlefield Road
Reigate, Surrey, RH2 0SH
Telephone: 01737 276141
Data Protection Policy
You can view the same document here in either Word or PDF format:
Regulation of Investigatory Powers Act (2000) (RIPA).
The Regulation of Investigatory Powers Act 2000 (RIPA) sought to protect a person's human rights whilst ensuring that enforcement and security agencies could function effectively. RIPA sets out the statutory mechanism for covert surveillance, the use of covert human intelligence sources and the obtaining and disclosing of communications data.
More information is availble below: