Our data protection policy

We formally adopted this data protection policy in June 2001 and it applies to all staff and those acting on our behalf.

Scope of our data protection policy

It is essential for us to gather and process (about staff, customers, citizens, suppliers, members and others) if we are to operate effectively. We do this in accordance with the Data Protection Act 1998 (the Act) and other related government legislation.

Acting as a custodian of personal data, we recognise our moral duty to make sure that this data is handled properly and confidentially at all times, irrespective of whether it is held on paper or electronically. This covers the whole lifecycle of the data, including:

  • Obtaining personal data
  • The storage and security of personal data
  • The use of personal data
  • The disposal or destruction of personal data

We also have a responsibility to make sure that individuals have appropriate access, upon written request, to details of the personal data that we hold about them.

Actions under our data protection policy

By following and maintaining strict safeguards and controls, we will:

Al. Acknowledge the rights of individuals to whom personal data relate, and ensure that they may exercise these rights in accordance with the Act

A2. Ensure that we collect and use personal data in a way that recognises the Fair Processing Code, that is, that we collect personal data fairly and lawfully

A3. Ensure that we will only obtain and process personal data for the purposes specified in the our notification to the Information Commissioner

A4. Collect and process personal data on a 'need to know' basis, making sure that they are fit for the purpose, are not excessive, and are disposed of at a time appropriate to their purpose

A5. Take adequate steps to ensure the accuracy and currency of data

A6. Ensure that for all personal data, we take appropriate security measures - both technically and organisationally - to protect against damage, loss or abuse

A7. Ensure that we move personal data in a lawful way - both inside and outside the organisation - and that suitable safeguards exist at all times

Enablers - what we will do to support these actions

In order to support these actions, we will:

El. Nominate a 'Data Protection Officer' for the council, responsible for gathering and disseminating information and issues relating to information security, the Data Protection Act and other related legislation

E2. Ensure that line managers are responsible for communications and issues relating to information security, the Data Protection Act, and other related legislation within their department

E3. Ensure that all activities that relate to the processing of personal data have appropriate safeguards and controls in place to ensure information security and compliance with the Act

E4. Ensure that all contracts and service level agreements between the council and external third parties (including contract staff) make reference to the Act as appropriate

E5. Ensure that all staff (including contract staff) acting on the council's behalf, understand their responsibilities relating to information security under the Act; that they receive appropriate training, instruction and supervision so that they can carry these duties out effectively and consistently; and are given access to personal information that is appropriate to their duties

E6. Ensure that all third parties acting on the council's behalf are given access to personal information that is appropriate to their duties and no more

E7. Ensure that we handle any requests for access to personal data courteously, promptly and appropriately, making sure that either the data subject or their authorised representative have a legitimate right to access under the Act, that their request is valid, and that information we provide is clear and unambiguous

E8. Work towards adopting, as best working practice, the key principles of BS7799 - the British Standard on Information Security Management

E9. Review this policy, and the safeguards and controls that relate to it, annually to make sure that they are still relevant, efficient and effective

Notes about our data protection policy

1.   Processing is defined by the Act as obtaining, recording, holding, organising, adapting, altering, retrieving, consulting, using, disclosing, aligning, combining, blocking, erasing and destroying

2.   We will log all actions about data subject access requests. This audit trail will include details of the nature of the request, the steps we took to validate it, the information we provided as well as any we withheld (for example for legal reasons)

 
Did you find what you were looking for?Did you find what you were looking for?
  1.  
  2.  
    1. We use your views to improve our website. If you have a query about our services, please email customerservices@rushmoor.gov.uk.

    1. We use your views to improve our website. If you have a query about our services, please email customerservices@rushmoor.gov.uk.

 

A - Z of Council Services