Data Protection Act 1998 & Data Protection (Processing Sensitive Personal Data) Order 2000
Criteria
1.1 The Data Protection Act 1998 requires that:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless one of the conditions in Schedule 2 is met and, in the case of sensitive data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified lawful purposes and shall not be processed in any manner incompatible with that purpose
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
- Personal data shall be accurate and, where necessary, kept up to date
- Personal data processed for any purpose or purposes shall not be kept longer than is necessary for that purpose or those purposes
- Personal data shall be processed in accordance with the rights of data subjects under this Act
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
1.2 The Act has a wider definition than the Data Protection Act 1984: it covers not only automatically processed data but also data which is recorded as part of a relevant filing system, or which is intended to be kept as such.
1.3 A relevant filing system is defined as any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible, such as:
- Structuring by reference to individuals (Names / Addresses etc)
- Ready accessibility of specific information (Age, Gender, Religion etc)
Rights Of Subject
2.1 Data subjects have rights; in brief, they are:
- Rights of access to a copy of the data (some exemptions apply)
- The source of the data
- Rights to prevent processing likely to cause damage or distress
- Rights to prevent processing for the purpose of direct marketing
- Rights in relation to automated decision making
- Right to compensation if they suffer damage
Processing Lawful Data
3.1 Processing data is lawful only if one of the following conditions in Schedule 2 of the Act applies, namely that the processing is carried out:
- With consent
- To perform a contract with the individual
- Under a legal obligation
- To protect the vital interests of the individual
- To carry out a public function
- To pursue the legitimate interests of the Data Controller unless prejudicial to the interests of the individual
- For the administration of justice
Sensitive Data
4.1 Sensitive data can only be processed under certain conditions. Sensitive data is described as any information about a person's:
- Racial or Ethnic origin
- Political opinion
- Religious beliefs or other beliefs of a similar nature
- Trade union membership
- Physical or mental health or condition
- Sex life
- The commission or alleged commission of any offence
- Any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings.
4.2 Sensitive data can be processed where one of the following applies:
- With explicit consent
- Under a legal obligation in the context of employment
- To protect the vital interests of the data subject or another person where consent cannot be given or is unreasonably withheld
- By certain non-profit bodies about other members
- Where the information has been made public
- In legal proceedings
- To carry out certain public functions
- For medical purposes when undertaken by a health professional
- For the administration of justice
- The processing is necessary for the exercise of any functions conferred upon a Constable by any rule of law
4.3 The Act allows for disclosure without the consent of the subject in certain conditions, including for the purposes of the prevention or detection of crime, the apprehension or prosecution of offenders, and where failure to disclose would be likely to prejudice those objectives in a particular case.