The Information Commissioner, who oversees compliance and promotes good practice, requires all organisations, and individuals, who process personal data, to comply with the Data Protection Act 1998 (the Act) and the eight principles of 'good information handling'.
The eight principles are:
1. Personal data shall be processed fairly & lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and, where necessary kept up to date.
5. Personal data shall not be kept for longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects, including the rights to access information (Subject Access Request).
7. Personal data will be kept in an appropriately controlled and secure environment.
8. Transfers outside of the European Economic Area require adequate levels of protection.
Subject Access Requests
Section 7 of the Act gives an individual the rights to request access to any 'personal data' that they believe may be held about them, these requests are called ‘subject access requests’ (SAR). The Corporate Information Unit (CIU) has two officers, who co-ordinate and respond to such requests for a number of departments within the council including Social Services, Housing, HR, Special Educational Needs.
- Subject Access Request’s are subject to a £10 fee per person and identification must be provided before personal information is released.
- Requests must be in writing which can be an email or letter.
- A form is also available online, please click here to complete the form.
The information requested will be provided promptly and in any event within 40 calendar days of receipt of the subject access request. If the information cannot be disclosed within the time period specified, the data subject will be kept fully informed of the process and given access to any personal data that may already have been gathered.
Information requests will be dealt with in accordance with the Councils Access to Information Policy
Data Protection Act complaints/breaches
If the individual believes that the Council has not acted in accordance with the Data Protection Act 1998 they may complain in writing to the Data Protection Officer.
Data Protection Officer
Isle of Wight Council,
Isle of Wight,
If the data subject remains dissatisfied they are able to complain to the Information Commissioner or alternatively the data subject may complain directly to the Information Commissioner.
Requests from third parties
CIU also co-ordinates requests for personal information including from other agencies such as the police, other local authorities and partner agencies. This is to ensure that there is a justified reason to share the information, to apply consistency and for audit purposes. CIU will then contact the relevant department/s to discuss access to relevant information.
CIU consists of the following members of staff:
- Principal Lawyer.
- Senior Information Management Officer.
- Trainee Legal Executive.
- Information Access Officer.
- Information Access Officer.