1.1. Epping Forest District Council is fully committed to compliance with the requirements of the Data Protection Act 1998 which came into force on the 1st March 2000. 1.2. The council will therefore follow procedures that aim to ensure that all employees, elected members, contractors, agents, consultants, partners or other servants of the council who have access to any personal data held by or on behalf of the council (for the purposes of this policy these are termed ‘users’), are fully aware of and abide by their duties and responsibilities under the Act.
1.3. In order to operate efficiently, Epping Forest District Council has to collect and use information about people with whom it works. These may include members of the public, current, past and prospective employees, clients and customers, and suppliers. In addition, it may be required by law to collect and use information in order to comply with the requirements of central government.
1.4. Personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this. 1.5. Epping Forest District Council regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the council and those with whom it carries out business. The council will ensure that it treats personal information lawfully and correctly.
1.6. To this end the council fully endorses and adheres to the Principles of Data Protection as set out in the Data Protection Act 1998.
1.7. All services must comply with this policy. All staff should be familiar with this policy and the confidentiality issues involved.
1.8. Assistant Director (ICT) is responsible for developing and maintaining this policy.
2.1. The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice. These Principles are legally enforceable.
2.2. The Principles require that personal information:
Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
Shall be accurate and where necessary, kept up to date;
Shall not be kept for longer than is necessary for that purpose or those purposes;
Shall be processed in accordance with the rights of data subjects under the Act; Shall be kept secure i.e. protected by an appropriate degree of security; Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.
2.3. The Act provides conditions for the processing of any personal data. It also makes a distinction between personal data and ”sensitive” personal data. 2.4. Personal data is defined as, data relating to a living individual who can be identified from:
That data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.
2.5. Sensitive personal data is defined as personal data consisting of information as to:
Racial or ethnic origin;
Religious or other beliefs;
Trade union membership;
Physical or mental health or condition;
Criminal proceedings or convictions.
Please join StudyMode to read the full document