Parent councils and the data protection act
What is the Act?
The Data Protection Act 1998 came into force on 1 March 2000. It sets rules for processing personal information and applies to some paper records as well asthose held on computers.
The Act and Parent Councils
The Act applies to ‘personal data’ that is, information about living individuals. Personal data includes name, address, e-mail address, telephone number and other facts about the individual. Those who process personal data must comply with the rules of good information handling (data protection principles) and the other requirements of the Act.
The principles of good information handling
The eight enforceable principles of good practice say that data must be:
fairly and lawfully processed – capture/record individual’s consent
processed for limited purposes and not in any manner incompatible with those purposes – information must not be used for secondary purposes
adequate, relevant and not excessive – capture the minimum amount of information consistent with the purpose
accurate – information must be recorded accurately
not kept for longer than is necessary – securely destroyed when no longer required
processed in line with the data subject’s rights – individual has a right of access
secure – information must be kept secure at all times
not transferred to countries without adequate protection – not applicable
Notification and Parent Councils
Normally an organisation who processes personal data on a computer is required to notify the Information Commissioner’s Office. However, Parent Councils are exempt from notification, as they are classed as not for profit organisations. Parent Councils must still comply with the data protection principles.
Useful contacts
Stirling Council Information Compliance Officer, 01786 442926
Information Commissioner's Office helpline: 01625 545745/08456 306060
You can find us on: