The Data Protection Act 1998
A guide for Members’ staff
Here is a list of questions that people typically ask when faced with the Data Protection Act 1998 for the first time. We hope that the answers given here will help you gain a useful insight into the Act and understand your new responsibilities when carrying out your day-to-day work.
Q.1. What is the Data Protection Act 1998 all about? A1
Q.2. How must we look after personal information from now on? A2
Q.3. What rights do people have under the Act? A3
Q.4. Who is responsible for the personal information held in the office? A4
Q.5. What do we have to do to handle information fairly and lawfully? A5
Q.6. What is personal information? A6
Q.7. What does handling (processing) information mean? A7
Q.8. What personal information is covered by the Act? A8
Q.9. Do I have to deal with all forms of personal information in the same way? A9
Q.10. What information is considered to be sensitive? A10
Q.11. When will the Act become law? A11
Q.12. How will it affect my handling of constituency casework? A12
Q.13. What happens when I receive personal information from a third party? A13
Q.14. What happens if I am asked to act on behalf of a third party? A14
Q.15. Do I always have to comply with the Act when handling personal information? A15
Q.16. How should I handle and when should I disclose personal information? A16
Q.17. What happens if someone asks to see the information that we hold on him or her? A17
Q.18. How do I get information from agencies? A18
Q.19. Is there anything else I need to know about the Act? A19
Q.20. Where can I go for more information/help? A20
A.1. What is the Data Protection Act 1998 all about?
· The Act introduces 8 ways (principles) by which you must handle personal information.
· It gives certain rights to the people (data subjects) on whom personal information is held.
· It requires information from those who are ultimately responsible for keeping personal information on a system (data controllers) for a public register.
A.2. How must we look after personal information from now on?
You must comply with 8 principles. These are:
· Personal information must be handled fairly and lawfully.
· It must be got for a specific and lawful reason.
· The information must not be excessive.
· It must be accurate.
· It must not be kept for longer than is necessary (usually the lifetime of a Parliament).
· It must be handled in accordance with the rights of the individual (data subject) under the Act.
· It must be kept safe.
· It may not be sent outside of the EEA.
A.3. What rights do people have under the Act?
· They can look at the information you hold on them.
· They can stop processing likely to cause them damage or distress.
· They can prevent processing for direct marketing.
· They can know why or prevent automatic decision making.
· They can receive compensation for damage or distress caused.
· They can be allowed to correct, erase or destroy inaccurate information.
· They can ask for an assessment to be carried out on whether or not the Act has been contravened.
A.4. Who is responsible for the personal information held in the office?
· Whilst you will have responsibilities, ultimate responsibility falls on the Member of Parliament. He/she is the data controller.
A.5. What do we have to do to handle information fairly and lawfully?
To handle information fairly
· The person giving you the personal information must know what it will be used for
· It must be got from that person (data subject) or from someone legally allowed to give it
· The identity of the data controller (the Member of Parliament)
· What the information will be used for
· Any other relevant information
· The person giving the information must agree to you handling it
In the case of sensitive personal information
· The person must give their explicit agreement. (They should put it in writing.)
A.6. What is personal information?
· Personal information is anything by which a living individual can be identified.
A.7. What does handling (processing) information mean?
· Handling covers almost any action that may be carried out on personal information, such as receiving, recording, holding, changing, retrieving, disclosing, erasing and destroying.
A.8. What personal information is covered by the Act?
· The Act covers personal information held electronically (on computers) or on paper and held in filing cabinets.
· If the personal information can be easily retrieved then it will have to comply with the Act.
A.9. Do I have to deal with all forms of personal information in the same way?
· No, there are two categories of personal information, normal and sensitive. There are extra rules about sensitive personal information.
A.10. What information is considered to be sensitive?
· Racial or ethnic origin
· Religious or similar beliefs
· Physical or mental health or condition
· Any offence committed or alleged to have been committed
· Political opinions
· Whether someone is in a trade union
· Sexual life
· Any proceedings for any offence that has or is alleged to have been committed and the disposal or court sentence that results
A.11. When will the Act become law?
· For information handled (processed) for the first time on or after 24 October 1998, this information will have to comply with the Act from 1 March 2000.
· From 24 October 2001 most information will have to comply with the Act, regardless of when it was first handled (processed).
A.12. How will it affect my handling of constituency casework?
· Remember that in nearly all cases constituents will be passing you personal information when asking the Member for help.
· Remember that it may be necessary to get their agreement. Explicit agreement will normally be needed when you are being given sensitive information.
· For the handling to be done fairly, remember to:
· Tell them who the data controller is and
· What the information will be used for.
· You may also wish to tell them who will be seeing it and
· Tell them how long it will be kept (usually the lifetime of a Parliament).
· Particular care needs to be taken when handling or disclosing this information.
A suggested paragraph to include in a letter to a constituent could be:
Your MP will treat as confidential the personal information that you have passed on. Sometimes your MP may need to pass this information on to others so they can help you. The information will be recorded and normally only kept until the next general election. You can write and ask to see the information your MP holds about you but he/she may make a small charge for this.
{If you give your MP personal information about someone else, he/she may need to check the facts with that person. He/she will ask you before doing this.}
A.13. What happens when I receive personal information from a third party?
· Remember that the information needs to be handled fairly. To do this the person on whom personal information is being received (the data subject) needs to be told:
· The name of the data controller,
· What the information will be used for.
· You may also wish to tell them who will be seeing it and
· Tell them how long it will be kept (usually for the lifetime of a Parliament).
A suggested paragraph to include in a letter to a third party could be:
The MP for…….. will treat as confidential the personal information you have passed on. He/she may need to pass this information on to others for their help. The information will be recorded and normally only kept until the next general election. You can write and ask to see this information; a small charge may be made for this.
{If you gave personal information about someone else, the MP for…… may need to check the facts with that person, but will ask you before doing so.}
A.14. What happens if I am asked to act on behalf of a third party?
· In addition to the actions outlined in question 13, you may wish to check that the third party is happy for the Member of Parliament to act on their behalf.
· This may not be possible if no address has been given.
A.15. Do I always have to comply with the Act when handling personal information?
· Not if this involves ‘disproportionate effort’. The Member will need to balance the effect of not providing the information against the resources available in the office. It may take too long or tie up too many staff to comply.
· If it is decided not to give the information then this will need to be recorded.
A.16. How should I handle and when should I disclose personal information?
· With the greatest of care!
· Remember, any personal information you get must not be passed to other Members, political parties, the press, or be used for political purposes without the constituent’s agreement.
A.17. What happens if someone asks to see the information that we hold on him or her?
· People already have the right to see what information is held about them on computers.
· From 24 October 2001, people will also have the right to see what information is held on most manual records (on paper).
· Your Member, as the data controller, will have 40 days in which to get this ready.
· Your Member may charge a fee of up to £10.00 for doing this.
A.18. How do I get information from agencies?
Casework may involve you having to ask the DSS or other Government Departments for information about constituents.
· You will be given personal information about a constituent if it is believed that you are acting on the constituent’s behalf.
· They may need to check your identity.
· They may need to check with the constituent that you are acting on his/her behalf.
· The precautions taken will vary according to the types of personal information involved.
· Don’t be surprised if you are asked to provide written proof that you are acting on the constituent’s behalf.
A.19. Is there anything else I need to know about the Act?
· Yes. This paper is only intended as a guide.
· The legislation is complex and it is not feasible to describe it here in any detail. There are many exemptions to parts of the Act.
· If you are in any doubt about what action to take, seek further advice or guidance.
A.20. Where can I go for more information/help?
· On the requirements of the Act and registration, from the Data Protection Commissioner at http://www.dataprotection.gov.uk or by phoning the information line 01625 545745.
· General advice and guidance, from Edward Wood in the Department of the Library on 020 72196108.
· On parliamentary privilege, from the Clerks at the Table.
· On the contents of this presentation, contact Heather Wood or Andrew Wallace in the Department of Finance & Administration (e-mail woodh@parliament.uk or wallacea@parliament.uk).
· More detailed guidance for Members and their staff is available on the parliamentary Intranet. Look on the site index.