Data Protection Act 1998
BACKGROUND
The Data Protection Act 1984 was introduced with a view to protecting the individual from possible misuse of information stored on computer. The 1984 Act has been replaced by the Data Protection Act 1998, which is much wider in its scope, in that it now includes information contained in paper files in its definition of "data".
Broadly, the Act has two main aims. It gives data subjects (i.e. individuals about whom information is held) certain rights, including the right to access and receive a copy of the information held about them. The 1998 Act also requires data controllers (i.e. bodies who hold information about individuals, such as the Council) to follow the eight data protection principles.
The Information Commissioner has wide enforcement powers in relation to the Act and can serve Enforcement Notices on data controllers and fine them. Breaching the Act can also, in certain circumstances, be a criminal offence.
THE KEY POINTS OF THE 1998 ACT
Notification
Under the Act every organisation which uses or processes information relating to a living individual (this is known as "personal data") must formally register this fact with the Information Commissioner at regular intervals. This is called "notification". The notification to the Commissioner must include details of the type of information held, the source of the information, the purposes for which the information is being held and to whom or what the information is disclosed or released.
The notification is currently kept up to date by the Legal Manager.
Data Protection Principles
The Data Protection Principles set out in the Act operate as a mandatory code for processing personal data. (The definition of "processing" is very wide under the Act and covers everything from obtaining and gathering in information to using the information and, eventually, destroying the information.)
The eight principles can be summarised as follows:-
- personal data shall be processed fairly and lawfully.
- personal data obtained for one purpose shall not be used in a manner which is incompatible with that original purpose.
- personal data should be adequate, relevant and not excessive.
- personal data should be accurate and, where necessary, kept up to date.
- personal data shall not be kept for longer than is necessary.
- personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.
- appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Subject to certain exceptions, members of the public are entitled to see any personal information held about themselves, to receive a copy of such information, to have it corrected where necessary and, in certain circumstances, to claim compensation for a failure to comply with the Act. The Act specifically states that all subject access requests must be made in writing. Generally speaking, a subject access request must be complied with within 40 days of receipt.
ROLES AND RESPONSIBILITIES
The Legal Manager provides legal advice on the Act, arranges for the provision of training to Elected Members and staff and arranges for Subject Access Requests to be replied to.
Department Heads are responsible for all aspects of compliance with the Act within their departments, ensuring that adequate procedures are in place for records management, back up and storage, management and destruction, where appropriate, of personal data. Each department appoints a data protection representative to co-ordinate compliance with the Act, including security, subject access requests and employee awareness.
An individual can make a Subject Access Request (SAR). The fee for this is £10. An application form (33KB PDF) can be downloaded here.
Our Data Protection Policy is available here (24KB PDF).
Members of the public also have rights under the Freedom of Information Act (Scotland) 2002 and the Freedom of Information Act (UK) 2000 - more information on our FOISA page.
Legal Division
Support Services Department
21 City Square
Dundee DD1 3BY
Tel: 434577
Email: roger.mennie@dundeecity.gov.uk
This information is provided by the Support Services Department