The Data Protection Act was introduced in 1998 to protect the personal information of individuals. It gives individuals the right to know what information is held about them and provides a framework to ensure that personal information is handled properly.
Find out more information on the Data Protection Act and on what you can expect from an organisation that collects your information.
What is personal information?
The council needs to collect and use certain types of information about people it deals with in order to operate. This personal information must be dealt with properly - however it is collected, recorded, used or disposed of. This is regardless of whether it is on paper, held on a computer, or recorded on other material. Personal information is any information that can be used to identify you as an individual, for example:
- your name
- your address
- your date of birth
- information contained in your passport
- your religious beliefs
- your image
Your personal information is valuable, so you should treat it as you would any other valuable item.
How does the Data Protection Act affect me?
The Act ensures that any personal information provided by you or others about you must be:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with your rights
- not transferred to other countries without adequate protection.
These are also known as the eight Data Protection principles.
When you provide us with personal information, we will tell you what we are going to use it for and who we may share it with. This will normally be a statement on an application form. If we wish to use your personal information for a different purpose we will probably need your consent to do so. There are times when the council has to share your information, for example, where there is a statutory requirement or it is lawful to do so.
What are my rights?
Individuals have the following rights under the Data Protection Act:
- a right of access to a copy of their personal data
- a right to object to processing that is likely to cause or is causing damage or distress
- a right to prevent processing for direct marketing
- a right to object to decisions being taken by automated means
- a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- a right to claim compensation for damages caused by a breach of the Act.
Visit the Information Commissioner's website for more information about further rights under the Data Protection Act.
Accessing your personal information
The Data Protection Act allows you to find out what information we hold about you. You can do this by submitting a Subject Access Request.
The information below will provide you with details on how to submit a Subject Access Request.
Is there a charge for a Subject Access Request?
Under the Data Protection Act, we can charge you £10. This fee must be paid before we start to gather the information we hold about you.
Payment can be made by phoning the council's contact centre on 01256 844844. Please say that you are making a payment for a Subject Access Request under the Data Protection Act and quote the code 1-MTR52130-YE36. Alternatively, please send a cheque made payable to Basingstoke and Deane Borough Council to the Information Governance Officer at the address provided below.
What must my request include?
You must submit your request in writing and include the following information:
- your name and address
- a copy of your proof of identity, for example your birth certificate or driving licence and your current address
- as much detail as possible regarding the information you wish to access, for example council tax references, benefit claim references or details of departments that you have dealt with.
When can I expect to receive a response to my request?
We will try and respond to you as soon as possible and no later than 40 calendar days after receiving your request, payment and proof of identity. In our response, we will:
- provide you with a copy of the information that we hold about you
- provide you with an explanation of any terms in the information that you may not easily understand
- advise you if no information is held about you
- explain to you if there are any reasons why we cannot provide you with all the information that we hold about you.
What if I'm not satisfied with the council's response?
If you are not happy with the information we have provided, you can appeal to the Information Commissioner's office (ICO). The ICO is an independent body set up to uphold information rights in the public interest. The ICO can be contacted at:
Cheshire SK9 5AF
0303 123 1113.
Information Management Policy
Basingstoke and Deane Borough Council is fully committed to compliance with the requirements of the Data Protection Act 1998. We will therefore follow procedures that aim to ensure that all staff, councillors, contractors and any other parties who have access to personal data held by, or on behalf of the council are fully aware of and abide by their duties and responsibilities under the Act.
A copy of the council's Information Management Policy is below.
Data Protection breach
If you are concerned that we are in breach of any of the Data Protection Act principles, firstly write to the Information Governance Officer, by emailing email@example.com or by writing to the Information Governance Officer at:
Information Governance Officer
Basingstoke and Deane Borough Council
Information Governance Officer
Telephone: 01256 845369