Data Protection Act

The Data Protection Act requires all organisations which handle personal information to comply with a number of important principles regarding privacy and disclosure.




The Act states that anyone who processes personal information must comply with these eight principles:



It states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:



Fairly and lawfully processed

Processed for limited purposes

Adequate, relevant and not excessive

Accurate and up to date

Not kept for longer than is necessary

Processed in line with your rights

Secure

Not transferred to other countries without adequate protection

The Act also allows people to find out what personal information is held about them by making a subject access request. This covers information held electronically and in some paper records, and includes credit reference details.



If members of the public think they're being prevented from seeing information they're entitled to, they can ask us the Information Commissioner's Office to help. The Information Commissioner's Office are responsible for looking after people's rights and making sure personal information isn't misused. Complaints are usually dealt with informally, but if this isn't possible, enforcement action can be taken.



All organisations must make sure that they comply with the Data Protection Act. They provide the following kinds of guidance to find out how to comply:



Good practice notes

Codes of practice

Technical guidance notes

The guidance on Determining what is personal data and Determining what information is ‘data’ for the purposes of the DPA explains and illustrates their view of what is data and what is personal data for the purposes of the Act. It is particularly designed to help data protection practitioners decide whether the information they hold is data and whether such data falls within the definition of personal data in circumstances where this is not obvious.



You can also find out more details about your legal obligations under the Act.



Sharing personal information



They have produced the document 'Sharing Personal Information - Our approach' to explain their general approach to information sharing.



This covers issues including choice, consent, transparency, security and public law. It should help public bodies, in particular, to understand the data protection standards that we expect those involved in information sharing to meet.