• Help
• Accessibility
• 1. A
  2. A
  3. A

Search Medway

• Home
• Pay
• Apply
• Report
• Popular pages
  

  Popular Pages

  • Latest news
  • Recycling in Medway
  • Public transport
  • Support for carers
  • Family Information Service
  • Housing

  Your Council

  • Your councillors by ward
  • Your council directory
  • Mayor
  • Council Tax
  • Elections and registration
  • Complaints
• Contact us

Go to navigation

Data Protection

Introduction

The Data Protection Act 1998 (www.opsi.gov.uk/) sets rules for processing personal information and applies to paper as well as electronic records. The Act applies to personal data, that is data about identifiable, living individuals (data subjects). It protects personal data by setting rules and conditions which all users of personal information (data controllers) must obey when obtaining and using information about you. The Act also provides you with certain rights, which the data controller (for example, Medway Council) must respect.

The Data Protection Principles

Anyone processing personal data must comply with the eight enforceable principles of good practice. Data must be:

• fairly and lawfully processed;
• processed for limited purposes;
• adequate, relevant and not excessive;
• accurate;
• not kept longer than necessary;
• processed in accordance with the data subject’s rights;
• secure;
• not transferred to other countries without adequate protection.

Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual, although in some limited circumstances, exemptions will apply.

Processing personal data

The definition of data processing is far wider than under the previous legislation. For example, it incorporates the concepts of obtaining, holding and disclosing data or information. All are considered to be processing, which takes place when an operation or set of operations is carried out on personal data. The Act requires that personal data be processed fairly and lawfully. Personal data will not be considered to be processed fairly unless certain conditions are met. A data subject must be told the identity of the data controller and why that information is to be processed.

Processing may only be carried out where one of the following conditions has been met:

• the individual has given his or her consent to the processing;
• the processing is necessary for the performance of a contract with the individual;
• the processing is required under a legal obligation;
• the processing is necessary to protect the vital interests of the individual;
• the processing is necessary to carry out public functions;
• the processing is necessary to pursue the legitimate interests of the data controller or third parties (unless it could prejudice the interests of the individual).

Processing sensitive data

The Act makes specific provision for sensitive personal data. Sensitive data includes:

• racial or ethnic origin;
• political opinions;
• religious or other beliefs;
• trade union membership;
• health;
• sex life;
• criminal proceedings or convictions.

Sensitive data can only be processed under strict conditions, which include:

• having the explicit consent of the individual;
• being required by law to process the data for employment purposes;
• needing to process the information to protect the vital interests of the data subject or another;
• dealing with the administration of justice or legal proceedings.

Relevant filing systems

The Act covers information which is recorded as part of a relevant filing system. This means any set of information in which the records are structured, either by reference to individuals or by reference to criteria relating to individuals, so that specific information relating to a particular individual is readily accessible. The definition means a significant amount of manually generated data falls under the scope of the Act. The extension of the definition of data to cover accessible records means that records such as school pupil, housing, social services and health records, to which access was previously available under other legislation, are also included.

Subject access request

The Act allows individuals to find out what information is held about themselves on computer and some paper records. This is known as the right of subject access.

To make a subject access request under the Act, complete a data subject access application form. This form can be obtained from Customer First (customer.first@medway.gov.uk) or the Data Protection Officer by using the contact information at the foot of the page.

Medway Council charges a fee of £10 for each subject access request. Information should be delivered within 40 days of payment being received.

The Act contains a number of terms that have a specific meaning. A guide to the terminology is available on this website.

Medway Council’s own privacy statement is also available on this website.

For further information on the rights of individuals to access their information, visit the Information Commissioner's website at www.ico.gov.uk/.

 

Latest tweets

1. Jobs: School Challenge and Improvement Assessment Consultant http://t.co/9rrEH3sG

   @medway_council
   5:49 PM May 18

2. Jobs: Care Manager http://t.co/ML9yOtRD

   @medway_council
   5:49 PM May 18

3. Jobs: Leisure Attendant http://t.co/lihfKKV8

   @medway_council
   5:49 PM May 18

Photos of Medway from Flickr