CORPORATE DATA PROTECTION PROCEDURES

Size: px

Start display at page:

Download "CORPORATE DATA PROTECTION PROCEDURES"

Bernice Dalton
8 years ago
Views:

CORPORATE DATA PROTECTION PROCEDURES THIRD PARTY REQUEST PROCEDURE ELECTED MEMBERS Document Control Issue/ Amendment Date(s) Pages Amended Originator Approved By v.

1 CORPORATE DATA PROTECTION PROCEDURES THIRD PARTY REQUEST PROCEDURE ELECTED MEMBERS Document Control Issue/ Amendment Date(s) Pages Amended Originator Approved By v.1 May 2008 None A Miller Committee v.2 April 2012 All pages J Anderson CMT: Contents 1.0 Introduction 2.0 Disclosures to the Elected Member as a Member of the Council or a Committee (official Council work) 3.0 Disclosures of personal data to Elected Members/ MP/ MEP or MSP acting on behalf of local taxpayers (Constituency Work) 4.0 Disclosures of personal data to Elected Members/ MP/ MEP or MSP for political purposes 5.0 Security of Information 6.0 Further Information 1.0 Introduction 1.1 Whether or not a member of staff can disclose personal information/data to an Elected Member is dependent upon the role the Elected Member is playing at a particular time. Elected Members may play one of three roles: They may act as a member of Aberdeen City Council (ACC), for instance as a member of a Committee (i.e. official council work). They may act as a representative of residents who live in their ward, for instance, in pursuing complaints (i.e. constituency work). They may represent a political party, particularly at election time. 1

0 Disclosures to the Elected Member as a Member of the Council or a Committee (official Council work) 3.

2 2.0 Disclosures to the Elected Member as a Member of the Council or a Committee (official Council work) 2.1 Disclosures of personal data may be made to an Elected Member, if it is necessary for him/her to carry out official duties. 2.2 When disclosing personal data to an Elected Member, staff must specify the purposes for which that information may be used or disclosed. 3.0 Disclosures of personal data to Elected Members/ MP S or MSP S acting on behalf of local taxpayers (Constituency Work) 3.1 Personal data may always be disclosed at the request of or with the consent of an individual. Due to a change in the law in the consent of the individual concerned is not normally required provided that the Elected Member/ MP 2 / MEP 3 or MSP 4 representing the ward in which the data subject lives and there is a reasonable presumption that the Elected Member/ MP or MSP is acting on behalf of the individual. 3.2 The law gives an Elected Member/ MP/ MEP or MSP the right to obtain personal data about a constituent if all of the following tests are fulfilled:- a) the request is in connection with their constituency work 5 ; b) the data subject has asked the Elected Member/ MP/MEP or MSP to act on their behalf in the matter; and c) the request is reasonable and, in order for ACC to comply with the request, it is necessary for ACC to disclose personal data to the Elected Member/ MP/MEP or MSP. 3.3 Where sensitive personal data 6 is to be disclosed to an Elected Member/ MP/ MEP or MSP the Information Commissioner advises that it is prudent to obtain the written consent of the data subject. The mandate form attached (see Appendix) should be utilised for this purpose. 3.4 The law also gives an Elected Member/ MP/MEP or MSP the right (in limited circumstances) to disclose personal data (including sensitive personal data) about a data subject to another individual without the data subject s explicit consent. This right only exists however if all of the tests set out in paragraph 3.2 above are fulfilled and either: 1 Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) Order Member of Parliament 3 Member of the European Parliament 4 Member of the Scottish Parliament 5 If its not clear from the correspondence with the MP/ MEP or MSP that the data subject has asked them to act on their behalf, you should ask the MP/ MEP or MSP for a signed mandate from the data subject. 6 information relating to racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health, sexual life or commission or alleged commission of an offence. 2

2 When disclosing personal data to an Elected Member, staff must specify the purposes for which that information may be used or disclosed. 3.

3 a) the explicit consent of the data subject cannot be given; or b) the Elected Member/ MP/ MEP or MSP cannot reasonably be expected to obtain the explicit consent of the data subject; or c) the disclosure must necessarily take place without the explicit consent of the data subject so as not to prejudice action taken by the Elected Member/ MP/ MEP or MSP; or d) the disclosure is necessary in the interests of another individual and is a case where the explicit consent of the data subject of the information is being unreasonably withheld. 3.5 It would be considered reasonable to share the information with a parent of a child under 12 or an older child who is incapable of understanding the concept of consent; with the adult child or spouse of a person who is incapable of understanding the concept of consent; with someone who holds a relevant Power of Attorney in respect of the individual; or with the individual s legally appointed Welfare Guardian. 3.6 Where there is little or no relationship between the individuals, (e.g. if a constituent is seeking information about a neighbour) then no information whatsoever should be disclosed to the Elected Member/ MP/ MEP or MSP without the written consent of the data subject. The mandate form attached (see Appendix) should be utilised for this purpose. 3.7 Multi-Member Wards There may be situations where an Elected Member who represents a constituent may need to pass on that individual s personal information to another Elected Member representing the same ward. The Elected Member will only be able to disclose personal information to the other ward member which is necessary either: To address the constituent s concerns; or Where the particular issue raises a matter which concerns Elected Members in the same ward; and The constituent has been made aware that this is going to take place and why it is necessary. If a constituent objects to the use or disclosure of their information their objections should be honoured. 4.0 Disclosures of personal data to Elected Members for political purposes 4.1 Personal information should not normally be disclosed to Elected Members/ MP/ MEP or MSP for political purposes unless the individual concerned has given written consent. 3

the interests of another individual and is a case where the explicit consent of the data subject of the information is being unreasonably withheld. 3.

4 4.2 The only types of information which may be released to Elected Members/ MP/ MEP or MSP for political purposes without the written consent of the individual concerned are as follows: Sets of data that ACC is required by law to make public (for example lists of some types of license holder) Information that does not identify any living individuals (for instance Council Tax band information or statistical information). Care should be taken to ensure that the information released cannot be related to specific individuals, for instance by comparing property data with the electoral roll. 5.0 Security of Information 5.1 Where the Elected Member/ MP/ MEP or MSP is able to take a copy of the information away from ACC premises, whether in paper or electronic format, or has remote access to the information, appropriate steps must be taken by the Elected Member/ MP/ MEP or MSP to ensure the security of the information. 6.0 Further Information 6.1 If you require further information or have any queries contact the Information Management Liaison Officer (IMLO) for your Service. Details of the IMLOs are available on the Zone. 4

Care should be taken to ensure that the information released cannot be related to specific individuals, for instance by comparing property data with the electoral roll. 5.0 Security of Information 5.

5 DATA PROTECTION ACT 1998 MANDATE (CONSENT TO DISCLOSURE OF PERSONAL DATA) I [insert name] Date of Birth: Address: CONSENT TO THE UNDERNOTED DATA/INFORMATION/DOCUMENTS My housing tenancy or application My Council Tax/Housing Benefit account: My relevant Social Work records: Other relevant records Being Disclosed to: or a person acting with his/her authority. [insert name of Councillor / MP/ MEP or MSP or named person] for the purposes of (please explain what you want the Councillor/ named person to do) I am aware that this mandate can be revoked, by me, at any time. Signed Date 5

relevant records Being Disclosed to: or a person acting with his/her authority.

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of