The Data Protection Act 1998 defines a legal basis for the handling in the UK of information relating to living people. It is the main piece of legislation that governs protection of personal data in the UK. Organisations in the UK are legally obliged to comply with this Act, subject to some exemptions. Compliance with the Act is enforced by an independent government authority, the Information Commissioner's Office (ICO). The ICO maintains guidance relating to the Act.
Key Principles
- Data may only be used for the specific purposes for which it was collected.
- Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for other parties to obtain this personal data without authorisation.
- Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
- Personal information may be kept for no longer than is necessary.
- Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
- Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner.
- Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
- Data subjects also have the right to make changes to incorrect information.
CCTV
NOTIFICATION UNDER THE DATA PROTECTION ACT 1998
Your CCTV system must comply with the Data Protection Act to operate within the law.
If you own or operate a CCTV scheme, it is important that the Data Protection Act (DPA) is complied with. Compliance with the DPA will ensure your CCTV system remains within the law and that the images can be used by the police to investigate crime. Non-compliance with the Act could negate the CCTV evidence, impede the prosecution of offenders or prevent the police from using the images to investigate a crime. Failure to comply could also result in action being taken under this Act.
Data controllers are required to inform the Information Commissioner of certain details about their processing of personal information. The Commissioner uses these details to make an entry describing the processing in the Public Register of Data Controllers. The main purpose of notification and the public register is to promote openness in the use of personal information.
Notification helps data controllers to be transparent and open about their processing activities, and also helps people understand how their personal information is being processed by data controllers. If you're a data controller, you're usually required to notify the ICO, which costs £35 each year.
There are three ways to start the notification process:
- By post - Complete the application form found at www.ico.gov.uk, print it off and then post it to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- By phone - Telephone the notification helpline on 01625 545740 and a draft notification form will be sent to you.
- By requesting a notification - Complete the request form found at www.ico.gov.uk, then post it (address above), fax it (to 01625 545748) or email it (to notification@ico.gsi.gov.uk) and a draft notification will be sent to you.
Every notification must be accompanied by a fee of £35 (VAT nil). The period of notification lasts one year. After this time a continuation fee of £35 must be paid.