The Data Protection Act 1998 applies to the processing, holding and deletion of personal data that identifies a living individual. It applies to personal data regardless of the format in which the data is held in (in other words, it applies equally to paper and electronic records).

The Data Protection Act confers enhanced rights of privacy on the individual and certain obligations on the Data Controller (the body processing the personal data).

There are eight data protection principles and an individual has the right to request to see their own information.

The Data Protection Act is enforced by the Office of the Information Commissioner.

About the Act

You can find out about the Act and its principles on the Information Commissioner's Office website.

You can also find out about your rights under the Data Protection Act, and other acts related to information handling and communication.

Access your personal information

Access to personal records requests must be made in writing to the Council department concerned.

Please state your name and date of birth, and it is helpful to be as specific as possible about the information required, eg, reference to dates or events relevant to the enquiry.

Requests must be responded to in no more than 40 days from receipt of the request.

Data controllers may charge a fee of up to £10 for responding to a subject access request.

Proof of identity may be required.

In principle individuals have a right to be given a copy of all the information contained in their files. The main exceptions are:

  • If the information on a file identifies other people (that information will be removed unless the third parties have agreed to the disclosure)
  • If the disclosure of the information risks serious harm to the physical or mental health of the data subject/any other person
  • If the individuals entitled to access has expressly asked that some or all of the information should not be disclosed (e.g. to the agent acting on their behalf) or if a third party have provided information on the assumption that it will not be disclosed
  • If it would hinder the prevention and detection of crime or the prosecution or apprehension of offenders to provide the information.

Protect your personal information

The Information Commissioner's Office offers advice on how to manage and safeguard own personal information.

What does the Data Protection Act mean for the Council?

In order to fulfil its functions there is a need to collect and use information about people with whom the Council works (e.g. service users, employees, members of the public, suppliers).

As the Council is a Data Controller it needs to notify the Information Commissioner of the purposes for which it collects information.

Failure to notify is a criminal offence.

The Council also needs to ensure that the handling of personal information complies with the Data Protection Principles.

If you need further information about your rights under the Data Protection Act 1998, please contact the Office of the Information Commissioners.

Relationship with Re-use of Public Sector Information Regulations

On 1 July 2005 a new directive, the Re-use of Public Sector Information Regulations 2005 SI 2005 No. 1515 (PSI) was introduced to allow people to apply to re-use information we hold. 

Re-use means using the information for a purpose other than the purpose for which the document was originally produced.This could include for a commercial purpose.