The Data Protection Act 1998 gives you the right to see any data we hold on you (with a few exceptions) and to have it corrected if it is not accurate.
It gives us the responsibility of handling your data securely and ensures that we do not disclose it to other people or organisations without meeting legal conditions that protect your privacy. For example, in some circumstances we may need to ask your permission first.
The Act calls users of personal data ‘data controllers’. Data controllers, such as the Councils, must work within the requirements of the Act when obtaining and using information about you. The Information Commissioner regulates the Act and maintains a public register of data controllers. Detailed information about the Act can be found on the Information Commissioner’s website.
We regard the lawful and correct treatment of personal data as vital to maintaining the confidence of the many individuals we deal with. We will treat personal data lawfully and correctly and will comply with the data protection principles as set out in the Data Protection Act and our Data Protection Policy.
We hold a wide range of information, some of which is personal.
We collect and hold certain personal data so we can provide you with the services you require. For example, we process data to:
The Information Commissioner maintains a public register of data controllers. Each register entry gives details of the data controller and a general description of what the personal data held is used for.
Register entries for all the personal data we hold:
Your rights under the Act are:
Normally, personal data we hold about you has been collected for a specific purpose. However, occasionally consent may be required when using data for a different purpose from that for which it was gathered.
Consent is not required where we are obliged under law to assist in the prevention and detection of crime or where the information is required to perform a statutory function such as collection of Council Tax.
All application forms and requests for your personal information explain why we require the information requested and whether or not we need your consent.
You can access the information we hold about you by making a Subject Access Request. Requests for information can be made by completing the relevant Subject Access Request form and returning it with two forms of ID and the fee of £10.
The Data Protection Act 1998 gives you certain rights, and also places legal responsibilities on the councils which holds and processes personal information about you.
The Act says that organisations collecting and holding personal information must be open about how it is to be used and must adhere to the eight principles of the data protection act which state that personal information must:
By law the Councils are required to follow these rules.
As a Data Subject you have the right of access to the personal data held about you by the Councils on a computer and in any structured / unstructured manual paper files.
In general, personal information will only be given to an individual, and then only with appropriate identification. In addition, requests for information about a person other than yourself will be rejected except for the following common situations:
We aim to provide as much information as we can, however there may be some exemptions to the release of this information, if this is the case, we will let you know.
Under the Data Protection Act, we must respond to your request within 40 days. This time period does not start until we have received all information required to process your request.
There is a fee of £10 for subject access requests, as determined by the Data Protection Act.
If you wish to complain about the way your request has been processed you must first complain to us through our complaints procedure. If you have followed our complaints procedure and are still not satisfied, then you can take your complaint to the Information Commissioner.
All personal information held by Suffolk Coastal District Council and Waveney District Council is kept securely and is only released in accordance with the Data Protection Act.
If you believe the data we hold about you is incorrect or that there is information that we have not supplied, you must contact us within 21 days of receiving our response to your request.
If we don’t agree that the information is incorrect, you can appeal using the Councils’ normal complaints procedure.
You can also appeal to the Information Commissioner’s Officer if we do not correct the data you ask us to.
We are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
We participate in the Cabinet Office’s National Fraud Initiative; a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 pf the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by the Cabinet Office is subject to a Code of Practice.
For further information on data matching at Suffolk Coastal and Waveney District Councils contact the Head of Internal Audit at email@example.com.