skip to content

Data Protection Policy

You are in:  Home Page  >   Council & Democracy  >   Data Protection & Freedom of Information  >   Data Protection Policy

Barrow-in-Furness Data Protection Policy. Includes scope and access rights under the Data Protection Act 1998

 
 
This policy bas been formally adopted by the Barrow-in-Furness Borough (the Council), and applies to all employees, and those acting on the Council's behalf.

Scope

An essential activity within the Council is the requirement to gather and process information about its staff and people in the community in order to operate effectively. This will be done in accordance with the Data Protection Act 1998 (the Act), and other related government legislation.
 
The Council, acting as custodians of personal data, recognises its moral duty to ensure that all such data is handled properly and confidentially at all times, irrespective of whether it is held on paper or by electronic means. This covers the whole lifecycle, including:
  • the obtaining of personal data;
  • the storage and security of personal data;
  • the use of personal data;
  • the disposal / destruction of personal data
The Council also has a responsibility to ensure that data subjects have appropriate access, upon written request, to details regarding personal information relating to them.
 
The Council ensures that any third party processing such information on Barrow-in-Furness Borough Council's behalf is contractually obliged to put in place similar measures.
 

Actions

By following and maintaining strict safeguards and controls, the Council will:
 
Al. Acknowledge the rights of individuals to whom personal data relates, and ensure that these rights may be exercised in accordance with the Act;
 
A2. Ensure that both the collection and use of personal data is done fairly and lawfully;
 
A3. Ensure that personal data will only be obtained and processed for the purposes specified;
 
A4. Collect and process personal data on a need to know basis, ensuring that such data is fit for the purpose, is not excessive, and is disposed of at a time appropriate to its purpose;
 
A5. Ensure that adequate steps are taken to ensure the accuracy and currency of data;
 
A6. Ensure that for all personal data, appropriate security measures are taken, both technically and organisationally, to protect against damage, loss or abuse;
 
A7. Ensure that the movement of personal data is done in a lawful way, both inside and outside the Council and that suitable safeguards exist at all times.
 

Enablers

In order to support these actions, the Council will:
 
El. Nominate a Data Protection Officer for the Council, responsible for gathering and disseminating information and issues relating to information security, the Data Protection Act and other related legislation;
 
E2. Ensure that Chief Officers are responsible  - for communications and issues relating to information security, the Data Protection Act, and other related legislation within their department;
 
E3. Ensure that all activities that relate to the processing ¹ of personal data have appropriate safeguards and controls in place to ensure information security and compliance with the Act;
 
E4. Ensure that all contracts and service level agreements between the Council and external third parties, where personal data is processed, make reference to the Act as appropriate;
 
E5. Ensure that all staff acting on the Councils behalf understand their responsibilities regarding information security under the Act, and that they receive the appropriate training / instruction and supervision so that they carry these duties out effectively and consistently and are given access to personal information that is appropriate to the duties they undertake;
 
E6. Ensure that all third parties acting on the Councils behalf are given access to personal information that is appropriate to the duties they undertake and no more;
 
E7. Ensure that any requests for access to personal data are handled courteously, promptly and appropriately, ensuring that either the data subject or his/her authorised representative has a legitimate right to access under the Act, that the request is valid, and that information provided is clear and unambiguous ²
 
E8. Work towards adopting, as best working practice, the key principles of BS7799, the British Standard on Information Security Management;
 
E9. Review this policy and the safeguards and controls that relate to it annually, to ensure that they are still relevant, efficient and effective.
 
¹    Processing as defined by the Act as obtaining, recording, holding, organisation, adaptation, alteration, retrieval, consultation, use, disclosure, alignment, combination, blocking, erasure and destruction.
 ²   All actions regarding data subject access requests will be logged. This audit trail will include details regarding the nature of the request, the steps taken to validate it, the information provided as well as any withheld, e.g. for legal reasons.
 

An explanation of your rights under the Data Protection Act 1998 

What are your rights?

  • To ask what the Council uses the information for
  • To be provided with a copy of the information
  • To be given details of the purposes for which the council uses the information and other persons/organisations to whom it is disclosed
  • To ask for incorrect data to be corrected

Why do we keep personal information?

The Council keeps personal information about you in order that:
  • It can provide you with the services you require
  • Collect Council Tax
  • Assess the correct level of benefit for your needs
  • Provide you with up to date information about these services and the most appropriate service for your needs.
The information about you is also used to maintain a record of any help provided in order that we can look at it from time to time to see if it is still what you need and to plan for any changes.  The personal information you provide may also be shared with other agencies involved in the provision of services to you, and between departments of the Council where we are legally required to do so.
Link to more information about fair processing of data in data matching exercises.
 

Who do we share information with?

Depending on the original purpose for which is was obtained and the use to which it is to be put, information may be shared with a variety of services, examples include Housing sharing with Health or Housing Benefits sharing with the DWP.  It may also be shared, where necessary, with other organisations that provide services on our behalf, e.g. contractors working for the Council.

In all of these examples the information provided is only the minimum necessary, to enable them to provide services to you.
Personal information about you may also be provided to Government departments, where we are required to do so by law, or to other local councils.  An example would be when you have moved from one Councils area to another, and the new Council requires confirmation of the services you were receiving.
 
Information about you may also be provided for statistical research.  This will not include your name and address unless you have given us permission to provide the information.
 

What sort of information do we hold?

The personal information held will depend on the service being provided.  Basic information; that is, your name and address, age, date of birth, sex, next of kin; plus a note of the service provided, decisions regarding the provision, and any meetings between you and the department of the Council providing the service will appear on all records.
 
Other more sensitive data may also be held.  Depending on the needs of the service being provided such data may include for example; details of a person's physical or mental health, disabilities and racial, or ethnic origin.  Data relating to specific services include; the level of payment and the current state of the account - council tax, property details and extent of proposed alterations - planning.
 

How do we keep the information, and who is responsible?

The information is kept on secure computer systems and in secure manual filing systems.  Maintaining the record and keeping it secure is the responsibility of the departments of the Council providing the services you receive.
 

Are the records confidential?

The Council's employees have a duty of care when providing services.  This includes respecting the right to confidentiality, and ensuring that information about you is only used and given to others for the purposes of the service being provided.  Care is taken to ensure that third parties cannot access the information without permission and that data about you is not disclosed - to third parties or others - without your consent.
 

How long are records about you held?

Normally, your records will be kept only for as long as the service is provided to you, or as is required by law.  if there is no legal requirement to keep the records they will be destroyed as soon as is practicable.  Where there is a legal requirement to retain information it is not normally kept for more than six years.
 

How do you ask to see your information?

You can print our Subject Access Request Form (PDF 38Kb).
 
You can also obtain a copy of this from by contacting the Council's Data Protection Officer.
 
Please complete this form and, together with proof of identity (copy of driving licence, passport etc.), and a fee of £10 (cheque or postal order made payable to "Barrow Borough Council",  send it to:
 
The Data Protection Officer,
Barrow-in-Furness Borough Council,
Town Hall,
Duke Street,
Barrow-in-Furness,
Cumbria,
LA14 2LD.
 
Alternatively you can write to the Council, addressing the letter to the Data Protection Officer, or call at the Council Offices in person. When you do so you must provide your name and address; proof of identity; details of the services you are receiving; and any other information such as date of birth, sex, householder status (eg tenant, owner) you think may help the Council find your information. You must state that you are making the request under the Data Protection Act regime.
 
If you have any difficulty with the form, help will be provided.
 

What information will you receive?

All of the personal information we hold about you on both our computer, and manual record systems.  You will also be given a description of the purposes for which we process your data, a list of those to whom we disclose the data, and information about sources where this is available.
 

Can you see information about members of your family or any other person?

You may not see information about other persons, unless they have given their consent.  This includes information about members of your family.  If you are a parent or a member of an elderly person's family you may be provided with information about your child, or the elderly person, but only where you have written permission to ask for it, or have been granted powers to do so by the courts, and the Council is satisfied that such permissions are genuine.
 

Will you be charged a fee for information provided?

Yes, the Council charges a fee of £10 to contribute towards administrative costs.
 

How long does it take to provide you with the information?

The Council must respond within 40 days of receiving your application and payment. The 40 days starts from the date on which you sent in the written application, and any additional information required by the Council.
 

What should you do when you get the information?

You should check it to ensure that you have received all of the information to which you are entitled, and to make sure it is correct.
 

What do you do if the information provided is incorrect?

You should tell the Council that the data is incorrect and ask them to correct it.  You must do so in writing.  The Council must inform you if they have, or have not corrected the data within 21 days of you asking them to.  If the department does not agree that the information is incorrect you can ask it to record your disagreement on the record itself.
If the Council does not correct the information you may also appeal to the Information Commissioner or the courts.  These organizations have the power to order the Council to correct data.
 

What can you complain to the Commissioner about?

You can complain to the Commissioner if you consider the Council has breached any of the requirements of the Data Protection Act.  These include;
  • A breach of any of the Data Protection Principles
  • Processing data without having notified the Commissioner
  • Failure to respond to any of your written notices (see above)
  • Processing data without your consent (where consent is necessary)
  • Refusing to provide you with the personal information you have requested 
This list is not exhaustive.
 

What will the Commissioner do?

At your request the Commissioner will carry out an assessment of the Council's processing to establish whether or not we are doing so in compliance with the Act.
Should the Commissioner find we are not, then the Council will be issued with a notice requiring it to take steps to ensure compliance. 
 

Do we provide you with help in understanding the information?

If you need help in understanding the information provided, please inform the Council, and we will provide someone to explain.



Barrow Borough Council, Town Hall, Duke Street, Barrow-In-Furness, Cumbria, LA14 2LD, U.K.
Tel: 01229 876543 | Fax: 01229 876317 | customerservices@barrowbc.gov.uk |
Copyright 2012 Barrow Borough Council
Last Updated 8/7/2012