Data protection
1. The Data Protection Act
The Data Protection Act controls how your personal information is used by organisations, businesses or the government.
Everyone who is responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- accurate
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the UK without adequate protection
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- health
- sexual health
- criminal records
2. Find out what data an organisation has about you
The Data Protection Act gives you the right to find out what information the government and other organisations stores about you.
Write to the organisation and ask for a copy of the information they hold about you. If you do not know who in the organisation to write to, address your letter to the company secretary.
The organisation is legally required to provide you with a copy of the information they hold about you if you request it.
When information can be withheld
There are some situations when organisations are allowed to withhold information, eg if the information is about:
- the prevention, detection or investigation of a crime
- national security or the armed forces
- the assessment or collection of tax
- judicial or ministerial appointments
An organisation doesn’t have to say why they are withholding information.
How much it costs
Some organisations may charge you for providing the information. The cost is usually no more than £10 but it can be more if the information is contained within either:
- certain types of records eg health or education records
- a large number of paper records held in an unstructured way by a public authority
3. Make a complaint
If you think your data has been misused or that the organisation holding it hasn’t kept it secure, you should contact them and tell them.
If you are unhappy with their response or if you need any advice you should contact the Information Commissioner’s Office (ICO).
ICO helpline
Telephone: 0303 123 1113
Find out about call charges.
The ICO can investigate your claim and take action against anyone who has misused personal data.
You can also visit their website for information on how to make a data protection complaint.