Data Protection & Information Security Policy

Data Protection & Information Security Policy

Great Ouseburn Parish Council recognises its responsibility to comply with the Data Protection Act 1998, which regulates the use of personal data. This does not have to be sensitive data; it can be as little as a name and address.

1. The Data Protection Act

The Data Protection Act 1998 sets out high standards for the handling of personal information and protecting individuals’ rights for privacy. It also regulates how personal information can be collected, handled and used. The Data Protection Act applies to anyone holding personal information about people electronically or on paper.

As a local authority, Great Ouseburn Parish Council has a number of procedures in place to ensure that it complies with the Data Protection Act 1998. The Parish Council has also notified the Information Commissioner that it holds personal data about individuals. When dealing with personal data, Great Ouseburn Parish Council staff and Councillors must ensure that:

  • Data is processed fairly and lawfully Personal information should only be collected from individuals if staff and Councillors have been open and honest about why they want the personal information.
  • Data is processed for specified purposes only
  • Data is relevant to what it is needed for Data will be monitored so that too much or too little is not kept; only data that is needed should be held.
  • Data is accurate and kept up to date Personal data should be accurate, if it is not it should be corrected.
  • Data is not kept longer than it is needed Data no longer needed will be shredded or securely disposed of.
  • Data is processed in accordance with the rights of the individuals Individuals must be informed, upon request, of all the personal information held about them.
  • Data is kept securely Only the Clerk can directly access the data, which is held securely by a system of passwords and encryption. It cannot be accessed by members of the public.
  • Data is not transferred outside the European Economic Area unless the country in question can provide an adequate level of security for that data2. Storing and Accessing Data Great Ouseburn Parish Council recognises its’ responsibility to be open with people when taking personal details from them. This means that councillors and staff must be honest about why they want a particular piece of information. If, for example, a member of the public gives their phone number to staff or a member of Great Ouseburn Parish Council, this will only be used for the purpose it has been given and will not be disclosed to anyone else without the person’s permission.

    Great Ouseburn Parish Council may hold personal information about individuals such as their addresses and telephone numbers. This is currently securely held at the premises of the Parish Clerk and is not available for public access. All data stored on the Clerk’s computer will be password protected. Once data falls outside the minimum retention time of Council’s document retention policy, it will be shredded or securely deleted from the computer.

    The Parish Council is aware that people have the right to access any personal information that is held about them. If a person requests to see any data that is being held about them

  • They must be sent all of the personal information that is being held about them
  • There must be an explanation for why it has been stored
  • There must be a list of who has seen it
  • It must be dealt with within the prescribed time limitsA fee to cover photocopying and postage charges will be charged to the person requesting the personal information. 

    3. Disclosure of Personal Information

    If an elected member of the council needs to obtain personal information to help carry out their duties, this is acceptable. They are only able to gain as much information as necessary and it should only be used for that specific purpose. If, for instance, someone has made a complaint about overhanging bushes in a garden, the Clerk may give a Councillor the address and telephone number of the person who has made the complaint so they can help with the enquiry. A councillor may only do this providing they represent the area that the subject lives in. Data should never be used for political purposes unless the data subjects have consented.


    4. Confidentiality

Great Ouseburn Parish Council councillors and staff must be aware that when complaints or queries are made, they must remain confidential unless the subject gives permission otherwise. When handling personal data, this must also remain confidential.