What is the Data Protection Act?
The Data Protection Act grew out of public concern about personal privacy in the face of rapidly developing computer technology.
The Data Protection Act 1998 regulates the processing of information relating to a living individual. This includes obtaining, holding, using or disclosing such information. It covers manual filing systems and records as well as computerised ones, card indexes and microfiche. The new Act is subject to a phasing in period and not all conditions will apply straight away.
Your Rights Under the Act
The Act gives you as an individual rights on how personal information about you is obtained, processed, stored and disclosed to other people. You are entitled to know:
- What type of information is being held
- What purpose the information is being used for.
- Who has access to the information and who it may be disclosed to.
Right of Correction or Removal
If you believe that personal data held by the Council is inaccurate or out of date you have the right to ask for this information to be changed provided the Council are satisfied that an error exists.
Right of Access
The Act gives you or your representative the right to see most records processed by or on behalf of the Council containing personal information about you. You will be required to provide proof of identity. There are exceptions to this such as mental health records and records involving social care services where additional legislation to limits access to personal data exists.
If you provide information in confidence about another individual your personal details will not be disclosed unless the Council obtains your permission. There are exceptions to this such as court orders and protection of the public.
How to See Your Records
A fee of £10 per application is required before any searches can be made. The Council has 40 working days in which to provide the information as long as you or your representative has supplied sufficient information. You can apply to see a record using the following form. Once completed please post the
application form to the Data Protection Officer. The address is shown at the end of the form.
For more information on data protection visit the Information Commissioner web site by clicking
here
The Act lays down 8 principles by which a registered authority like Milton Keynes Council can lawfully process information about a living individual.
8 Principles
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purpose(s), and shall not be further processed in any manner incompatible with that purpose(s).
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose(s) shall not be kept for longer than is necessary for the purpose(s).
6. Personal data shall be processed in accordance with the rights of the data subject.
7. A registered authority such as the Council must ensure appropriate security to protect personal data against unauthorised or unlawful access and accidental loss or destruction.
8. Personal data shall not be transferred to a country or territory outside the European
Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals.
Chief Executive Home Page
