The Data Protection Act 1998 Clause Samples

The Data Protection Act 1998. The first Data Protection principle requires, among other things, that one or more ‘conditions for processing’ must be satisfied when processing personal data. The conditions for processing take account of the nature of the personal data in question and are more exacting when the information being processed is sensitive personal data, such as information about a person’s criminal record or health. Information shared for the purposes of this Agreement will be processed in accordance with these conditions. In addition, Section 29 of this Act supports the disclosure of personal information where failing to do so would prejudice the: prevention / detection of crime and the apprehension / prosecution of offenders. For the appropriate use of this exemption the receivers of shared information should be undertaking an activity that will prevent / detect crime or apprehend / prosecute offenders. Crime and Disorder Act 1998 section 115 – allows the disclosure of information, for the purposes of reducing crime and disorder to relevant authorities (as defined by the Act) or to a person acting on behalf of such an authority.

The Data Protection Act 1998. The Data Protection 1998 governs the processing of personal data including the collection, use of and disclosure of such information. The legislation requires that data controllers meet certain obligations. It also gives individuals or ‘data subjects’ certain rights with regard to their own personal data, including that of ‘subject access’ to the information we are processing on them. The main standard for processing personal data is compliance with the eight data protection principles – see Appendix B. The most significant principle is the first principle which states that personal data shall be processed fairly and lawfully and shall not be processed unless at least one Schedule 2 condition and in the case of ‘sensitive personal data’, at least one Schedule 3 condition is also met (see Appendix B). The type of information being disclosed for the purposes of this exchange agreement will almost always be ‘sensitive personal data’ which means that at least one of both Schedule 2 and Schedule 3 conditions must be satisfied. Even in the event that the prevention and detection of crime exemption (Section 29 Data Protection Act) is being relied upon, Schedules 2 and 3 conditions must still be satisfied. Critically, any decision to share information must satisfy both the principal authority for disclosure e.g. public interest, Offender Management Act 2007 and also the Schedule 2 and Schedule 3 conditions of Data Protection Act 1998. The Principles also cover issues such as accuracy of the data, security, and the length of time the information should be retained. Each party to this agreement should have in place its own data controller and mechanisms for ensuring compliance with the Data Protection Act 1998. For probation staff, the scope and limits of any right to confidentiality arrangement which the offender can expect between him or herself and the offender manager should be clarified as part of induction procedures. Appendix B contains further considerations which have informed the development of this ISA. This appendix contains details of supporting legal considerations that inform the disclosure process. Duty of Confidence The duty of confidence falls within common law as opposed to statutory law and derives from cases considered by the courts. There are generally three categories of exception to the duty of confidence: Where there is a legal compulsion to disclose Where there is an overriding duty to protect the public Where the individual to whom the inf...

The Data Protection Act 1998 a. For the purposes of the Data Protection ▇▇▇ ▇▇▇▇, Wight Coast & Country Cottages Ltd is the sole data controller of all personal data provided to the Agency by customers and prospective customers. The Agency processes and stores your personal details and those of your Party for their administration, market analysis, operational reviews sending out particulars, occasionally sending or providing a post-holiday questionnaire and sending out the following year’s details. b. To process your booking the Agency needs to collect certain personal details from you, and members of your Party, including your name and address. The Agency may need to pass on your personal details and those of your Party to other parties who need to know them (for example the Property owner(s) and any key holder(s) of such Property (if not the Property owner(s).

The Data Protection Act 1998. The key legislation governing the obtaining, protection and use of identifiable personal information is the Data Protection Act 1998 (DPA). The DPA sets out a number of key definitions, including: • Personal Data. This is defined as data which relate to a living individual, who can be identified from that data or from that data and other information in the possession of, or likely to come in to the possession of the Data Controller. • Processing. This is defined as any operation carried out on the personal data, including collecting, storing, using and disclosing that data. • Data Controller. This is defined as a person, who either alone or jointly with other persons, determines the purposes for which and the manner in which any personal data are, or are to be, processed. • Data Subject. This is defined as a living individual to whom personal data relates. The DPA sets out eight principles that must be complied with when processing personal data. These principles are summarised below. The processing of personal information by the organisations named must comply with these principles. 1. Personal data must be processed fairly and lawfully 2. Personal data must be processed for lawful and specified purposes 3. Personal data held shall be adequate, relevant and not excessive in relation to the purposes for which it is processed 4. Personal data must be accurate and where necessary, kept up to date 5. Personal data must be held for no longer than is necessary

The Data Protection Act 1998. Anyone processing personal data must comply with the eight enforceable principles governing the use of personal information. They say that data must be: