Parent councils and the data protection act
What is the Act?...
The Data Protection Act 1998 came into force on 1 March 2000. It sets rules for processing personal information and applies to some paper records as well as those held on computers.
The Act and Parent Councils...
The Act applies to ‘personal data’ that is, information about living individuals. Personal data includes name, address, e-mail address, telephone number and other facts about the individual. Those who process personal data must comply with the rules of good information handling (data protection principles) and the other requirements of the Act.
The principles of good information handling...
The eight enforceable principles of good practice say that data must be...
- fairly and lawfully processed – capture/record individual’s consent
- processed for limited purposes and not in any manner incompatible with those purposes – information must not be used for secondary purposes
- adequate, relevant and not excessive – capture the minimum amount of information consistent with the purpose
- accurate – information must be recorded accurately
- not kept for longer than is necessary – securely destroyed when no longer required
- processed in line with the data subject’s rights – individual has a right of access
- secure – information must be kept secure at all times
- not transferred to countries without adequate protection – not applicable
Notification and Parent Councils...
Normally an organisation who processes personal data on a computer is required to notify the Information Commissioner’s Office. However, Parent Councils are exempt from notification, as they are classed as not for profit organisations. Parent Councils must still comply with the data protection principles.
Stirling Council Information Compliance Officer, 01786 233989
Information Commissioner's Office helpline: 01625 545745/08456 306060