Can a child make a Data Protection request?
Yes. The Act has no minimum age requirement for applicants. Children can apply for access to their own records provided they are capable of understanding the nature of the request and the information content disclosed.
Typically children over 13 are considered old enough to make their own request, depending on their capacity and maturity.
Can I access personal data about other people under the Data Protection Act 2018?
You only have right of access to your own personal data. You do not have right of access to personal data about any other individual, such as your family, friends or neighbours except in the following circumstances:
- You are a parent requesting information about a child but there is no automatic right to the data. If a child is old enough to give informed consent and understands the contents of the information, the council will be guided by their wishes. In most cases children aged 13 and above are regarded as having sufficient maturity to respond to such requests but each case will be judged on its own merits. In all cases disclosure would only occur if it is in the best interests of the child.
- A solicitor is requesting information on behalf of a client - a signed authority form from the person concerned is required
- An agent or family person has written authorisation to act on behalf of a person.
Can I arrange for someone to make a Data Protection request on my behalf?
A friend, relative or solicitor may request information on your behalf but they must have obtained written authorisation from you to do this.
Can I ask for the information I receive about my Data Protection request to be provided in a different format?
You may request that the information be supplied in a particular format, though this may, in certain circumstances, incur an additional cost. It may also be possible to supply the information in braille, audio format, large type, or another language but you must clearly state this in your request.
Can I obtain all the information is that held about me under the Data Protection Act?
Yes usually but there are exemptions under the Data Protection Act that prevent certain records being released. The main exemptions are as follows:
- Law enforcement - catching or prosecuting offenders
- National security
- Assessing or collection of taxes/duties
- Adoption records and reports
- Examinations marks and examinations comments
- Personal data about someone
- Information that would identify someone who has supplied data in confidence about you.
In circumstances where data held on you relates to another person, the council will need to seek their permission before this information can be released.
Does the council need your consent to use information about you for any purpose?
All personal data supplied to the Council must be used for the purpose it was specified for. If we wish to process existing information for a new purpose we are legally abided to inform you of this change and seek your consent.
However, there are a number of exemptions that apply to the Act where we are exempt from obtaining your consent:
- The data is required by statutory or legal obligations - for e.g. CSA, DWP etc.
- Disclosure is in the vital interests of a person - for example it is a life or death situation
- Disclosure will prevent injury or harm to a person's health
- Disclosure will prevent/detect crime or the apprehension of offenders (s29)
- Disclosure will help with the assessment or collection of Council tax or duty
- Disclosure is considered in the public interest - for example in respect of a criminal activity
- The data is considered to be in the interests of national security
- The information is used for research, historical or statistical purposes
- Information is covered by legal privilege
- A court order is provided - although this can be challenged. This could possibly be challenged if for example a "safe address" of a person living in fear was to be revealed
- There is a departmental requirement to carry out a council's statutory function
- Disclosure is necessary for the purpose of obtaining legal advice, or establishing, exercising or defending the council's legal rights (s35)
Under this requirement we are also exempt from Electoral Registration changes or where data consists of our intentions with regards to negotiations with individuals.
Does the council provide advice on the Data Protection information it provides?
The council will offer guidance and advice about the information you have requested. Just simply contact the person who dealt with your request.
How can I make a claim for compensation if I think the Council has breached the Data Protection Act?
You will need to appoint a solicitor to act on your behalf to make a claim through the courts. Please note all claims will need to be supported by documented evidence that emphasises that the council has not taken reasonable steps to ensure compliance with the Act and that as a result damage or distress has been incurred.
How can I stop the council from using information about me for direct marketing purposes?
Simply write to the council to request your information be removed from any direct marketing lists. The Council will respond to you within 21 days to confirm if this request can be met.
How do I make a subject access request?
All subject access requests must be made to the Information Governance Team. Make a subject access request.
How does the Data Protection Act work?
Under the Data Protection Act anyone processing personal information must comply with the eight principles of handling information.
The Act stipulates that data processed must be:
- Obtained fairly and lawfully
- Obtained only for the specified purpose it was given and can not be used for any other incompatible purpose
- Should be adequate, relevant and not excessive
- Should be kept up to date and accurate
- Should not be kept for longer than necessary
- Should be processed in accordance with the individuals rights (i.e. data subject)
- Should be secure
- Should not be transferred to countries outside the European Union unless that country has adequate protection for the individual
How long will a subject access request take?
All subject access requests must be responded to within 30 calendar days and must confirm the following data:
- A description of the personal data held
- Why the data is held
- Who else may have been given the data
- A copy of the data
- An explanation of any technical terms or abbreviations
- Any information about the original source of information
If your request is unclear or ambiguous the 30 statutory calendar day period will be suspended and will not commence until we have received clear instructions from you.
If I think the council hasn't abided by the Data Protection Act, can I make a claim for compensation?
If you feel the council has not abided by the legal requirements of the Act and has caused you unforeseen damage or distress you may in some circumstances be able to make a claim for compensation. All claims will need to be quantified in terms of costs and distress.
Is there a charge for making a Data Protection request?
There is no charge for data protection requests.
What are my rights under the Data Protection Act?
The Act provides you with the following rights:
- The right to a subject access request to find out what personal data is held about you.
- The right to prevent processing of personal data
- The right to prevent process for direct marketing
- Your right in relation to automated decision-taking - for e.g. individuals have a right to object to automated decisions made them where there has been no human involvement
- The right to compensation for damage or distress caused by a breach of the Act.
- The right to rectify, block or erase inaccurate data held on file
- The right to ask the Information Commissioner to assess your case if personal data has not been processed in accordance with the Data Protection Act.
What happens if my subject access request is refused?
If your subject access request is refused you can appeal against this decision by writing to the Information Commissioner at the address below:
Information Commissioner's Office
Tel. No: 01625 545745
Fax No: 01625 534510
Website: Information Commissioner's Office
Please note the Information Commissioner will only consider your request for an independent review once you have exhausted the Council's internal review/complaint process.
What information will I receive after I have made a Data Protection request?
Generally you will be given a copy of the records we hold on you. This may be in a form of a computer printout or a photocopy of manual records.
NB: Third Party information will be redacted (Removed by way of a black mark covering the text)
What is meant by 'personal data' in the data protection act?
The council holds a variety of information about local residents in South Tyneside. Personal data is information that identifies you as a living individual. The Act does not cover personal data about deceased individuals.
What is meant by 'processing' personal data?
South Tyneside Council cannot process personal data fairly and lawfully unless one of the following criteria has been met:
- The individual has given his or her consent to the processing
- Processing is necessary for the performance of a contract with the individual
- Processing is required under a legal obligation
- Processing is necessary to protect the vital interests of the individual
- Processing is necessary to carry out public functions e.g. administration of justice
- Processing is necessary in order to pursue the legitimate interests of the data controller or third parties (unless it could unjustifiably prejudice the interests of the individual)
What is the Data Protection Act 2018?
The Data Protection Act was introduced:
- To give individuals right of access to their own personal data
- To regulate and control how individuals and organisations acquire, process and hold personal data
The purpose of the Act is to ensure that data is processed with the highest level of protection to safeguard the interests of individuals to prevent any cause of harm or suffering to a person.
What kind of information does the council hold about its residents?
Personal data has to be gathered to allow the Council to provide its services efficiently and effectively (e.g. Council Tax, Housing Benefits, Rent, Education, Social Services etc). Some examples of personal data include:
- Personal data e.g. names/addresses/telephone numbers
- Tenancy agreements
- Complaints file
- Photographs and CCTV
- An expression of an opinion
- A statement from a doctor
- Council Tax , Benefits or Electoral roll
- Licensing, planning and Trading standards
What types of information are covered by the Data Protection Act?
It refers to any personal data held about you and can refer to any of the following:
- CCTV footage
- Electronic databases
- Paper filing system
- Photographs (including scanned images)
What will happen if the personal data that the council holds about me is incorrect?
The Council is legally obliged under the Data Protection Act to keep personal data accurate and up to date. If you believe the personal data we hold about you is inaccurate you will need to make a request in writing to inform us of the data inaccuracy(s). The Council has 21 days to respond to your notification and agree to either update your details or record a file disagreement notice. If you are dissatisfied with this decision you can appeal to the Council's Records Management Team for further advice in the first instance. Any further action will need to be taken up with the Information Commissioner who will independently review your case.
Who is entitled to make a data protection request?
Any person, regardless of their age can request information about themselves in writing so long as it is supported with:
- appropriate photo identification, e.g. passport, driving license
- proof of address
- appropriate fee
- appropriate consents
- and they have the capacity to understand the information provided