Data Protection Act 1998

The Data Protection Act 1998 applies to the processing, holding and deletion of personal data that identifies a living individual. It applies to personal data regardless of the format in which the data is held in, ie it applies equally to paper and electronic records.

The Data Protection Act confers enhanced rights of privacy on the individual and certain obligations on the Data Controller, ie the body processing the personal Data. There are eight data protection principles and an individual has the right to request to see their own information. The Data Protection Act is enforced by the Office of the Information Commissioner.

What are the key features of the Data Protection Act?

  • It imposes rules for organisations in the collection, processing, storage, retention and destruction of personal information
  • It protects all recorded personal information (paper and electronic)
  • It gives improved privacy rights to all individuals
  • It is enforced and promoted by the Office of the Information Commissioner

What are the eight data protection principles?

Personal Data must

  1. be processed fairly and lawfully
  2. be for a lawful and specific purpose
  3. be adequate and relevant and not excessive for the purpose
  4. be accurate and kept up to date
  5. be kept for no longer than necessary
  6. be processed in accordance with subject rights
  7. be kept securely so as to prevent unauthorised access, damage, loss etc
  8. not be transferred outside of EEA without adequate protection being ensured

What are an individual’s rights?

These rights include:

  • The right to access your own information (subject access)
  • The right to prevent processing for the purpose of direct marketing
  • The right to prevent processing likely to cause damage and distress
  • Rights in relation of automated decision making
  • Compensation for failure to comply with the Act
  • The right to request the correction, blocking, erasure and destruction of incorrect information
  • Rights to ask the Information Commissioner to investigate contravention of the Act.

How do I make a subject Access request?

Access to personal records requests must be made in writing to the Department concerned. Please state your name and date of birth and it is helpful to be as specific as possible about the information required, eg, reference to dates or events relevant to the enquiry. Requests must be responded to in more than 40 days from receipt of the request. Data controllers may charge a fee of up to £10 for responding to a subject access request. Proof of identity may be required.

In principle individuals have a right to be given a copy of all the information contained in their files. The main exceptions are:

  • If the information on a file identifies other people, ie, That information will be removed unless the third parties have agreed to the disclosure.
  • If the disclosure of the information risks serious harm to the physical or mental health of the data subject/ any other person.
  • If the individuals entitled to access has expressly asked that some or all of the information should not be disclosed (e.g. to the agent acting on their behalf) or if a third party have provided information on the assumption that it will not be disclosed;
  • If it would hinder the prevention and detection of crime or the prosecution or apprehension of offenders to provide the information.

How do I manage and safeguard my personal information?

The Information Commissioner's Office has recently published advice and guidance for members of the public on how to manage and safeguard their own personal information. A Personal Information Toolkit is available directly from the Information Commissioner's website.

What does the Data Protection Act mean for Oldham Metropolitan Borough Council?

In order to fulfil its functions there is a need to collect and use information about people with whom it works, ie, service users, employees, members of the public, suppliers etc. As Oldham Metropolitan Borough Council is a Data Controller it needs to notify the Information Commissioner the purposes for which it collects information. Failure to notify is a criminal offence. It is also needs to ensure that the handling of personal information complies with the Data Protection Principles.

If you need further information about your rights under the Data Protection Act 1998, please contact the Office of the Information Commissioners:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 01625 545700
Fax: 01625 524 510
www: www.informationcommissioner.gov.uk

If you have any

  • questions about your rights under the Data Protection Act 1998
  • complaints about the responses to your information request

Please contact the Council’s Information Manager on 0161 770 4827, e-mail information.manager@oldham.gov.uk.

Copyright © Oldham Council, All rights reserved. Legal information
Oldham Council, Civic Centre, West Street, Oldham, OL1 1UT.
Telephone 0161 770 3000

Home

Living in Oldham

Learning in Oldham

Oldham Community

Working in Oldham

Oldham Council

A-Z of Services

Factsheets

Common Questions

Recycle and Waste

Contact Us

Search



Advanced Search

Access to Information:

External Links:

Oldham Council is not responsible for the content of external Internet sites