Data protection

Overview

The Data Protection Act 2018 was introduced:

  • to give individuals right of access to their own personal data
  • to regulate and control how individuals and organisations acquire, process and hold personal data

The purpose of the Act is to make sure that data is processed with the highest level of protection to safeguard the interests of individuals to prevent any cause of harm or suffering to a person.

View Sounth Tyneside Council's Data protection policy.

How the Data Protection Act works

Under the Data Protection Act anyone processing personal information must comply with the eight principles of handling information.

The Act stipulates that data processed must be:

  • obtained fairly and lawfully
  • obtained only for the specified purpose it was given and can not be used for any other incompatible purpose
  • should be adequate, relevant and not excessive
  • should be kept up to date and accurate
  • should not be kept for longer than necessary
  • should be processed in accordance with the individuals rights (i.e. data subject)
  • should be secure
  • should not be transferred to countries outside the European Union unless that country has adequate protection for the individual

How to stop the Council from using your information for direct marketing purposes

You can write to the Council to request your information be removed from any direct marketing lists.

The Council will respond to you within 21 days to confirm if this request can be met.

Types of information and personal data

The Council holds a variety of information about local residents in South Tyneside.

Personal data is information that identifies you as a living individual. The Act does not cover personal data about deceased individuals.

It can refer to any of the following:

  • Videos / tapes
  • CCTV footage
  • Electronic databases
  • Paper filing system
  • Photographs (including scanned images)
  • Emails

Information the Council holds about its residents

Personal data has to be gathered to allow the Council to provide its services efficiently and effectively (e.g. Council Tax, Housing Benefits, Rent, Education, Social Services etc).

Some examples of personal data include:

  • Personal data e.g. names / addresses / telephone numbers
  • Tenancy agreements
  • Complaints file
  • Photographs and CCTV
  • An expression of an opinion
  • A statement from a doctor
  • Council Tax , Benefits or Electoral roll
  • Licensing, planning and Trading standards

What is meant by 'processing' personal data

South Tyneside Council cannot process personal data fairly and lawfully unless one of the following criteria has been met:

  • the individual has given his or her consent to the processing
  • processing is necessary for the performance of a contract with the individual
  • processing is required under a legal obligation
  • processing is necessary to protect the vital interests of the individual
  • processing is necessary to carry out public functions e.g. administration of justice
  • processing is necessary in order to pursue the legitimate interests of the data controller or third parties (unless it could unjustifiably prejudice the interests of the individual)

Making a request

Who can make a data protection request

Any person, regardless of their age can request information about themselves in writing so long as it is supported with:

  • appropriate photo identification, e.g. passport, driving license
  • proof of address
  • appropriate fee
  • appropriate consents
  • and they have the capacity to understand the information provided

Children can apply for access to their own records provided they are capable of understanding the nature of the request and the information content disclosed.

Typically children over 13 are considered old enough to make their own request, depending on their capacity and maturity.

Arranging for someone to make a data protection request on your behalf

A friend, relative or solicitor may request information on your behalf but they must have obtained written authorisation from you to do this.

Cost

There is no charge for data protection requests.

Information you will receive after a request is made

Generally you will be given a copy of the records we hold on you.

This may be in a form of a computer printout or a photocopy of manual records.

Third party information will be redacted (removed with a black mark covering the text).

Requesting a different format

You may request that the information is supplied in a particular format. There may be an additional cost for this.

It may be possible to supply the information in braille, audio format, large type, or another language but you must clearly state this in your request.

Subject access requests

All subject access requests must be made to the Information Governance Team.

You need to:

  • Put your request in writing:
  • You will need to include: 
    • your full names and names you have been known by
    • contact details such as email address, home address or telephone number
    • as much information as possible to assist with your request (this can include the areas of the council you may have been involved with and time periods you are requesting information from)

Once we have received your request

Once we have received your request we will ask you to make an appointment to attend the Town Hall with:

  • proof of identity (preferably photo ID such as a passport or photo driving licence)
  • proof of address (driving licence, utility bill or an official letter dated in the last 3 months)

How long a subject access request will take

All subject access requests must be responded to within 30 calendar days and must confirm the following data:

  • A description of the personal data held
  • Why the data is held
  • Who else may have been given the data
  • A copy of the data
  • An explanation of any technical terms or abbreviations
  • Any information about the original source of information

If your request is unclear or ambiguous the 30 statutory calendar day period will be suspended and will not commence until we have received clear instructions from you.

Applying on behalf of someone else

If you are applying for your child under 13 then you will need to supply proof of parental responsibility.

If you are applying on behalf of a child over the age of 13, they may be required to request the records themselves.

If you are applying on be half of another family member we will need their written consent and proof of ID and may need to meet them or a copy of a Power of Attorney covering the records your are requesting.

If your access request is refused

If your subject access request is refused you can appeal against this decision by writing to the Information Commissioner at the address below:

Information Commissioner's Office 
Wycliffe Lane 
Wilmslow 
Cheshire 
SK9 5AF

Tel. No: 01625 545745 
Fax No: 01625 534510 
Website: Information Commissioner's Office

Please note the Information Commissioner will only consider your request for an independent review once you have exhausted the Council's internal review / complaint process.

More information

For enquiries or to discuss the process please telephone 0191 424 6539.

If part of a Data Protection request falls within the  Freedom of Information Act 2000 or Environmental Information Regulations 2004  then the correct regime will apply in terms of timescale, costs and exemptions.

Our responsibilities and your rights

We may need to collect personal information about you to provide our services.

We also have a legal duty to collect personal information for certain purposes such as Council Tax collection.  

The Data Protection Act 2018 and General Data Protection Regulation set out in law how we can and can't use your personal information.

South Tyneside Council is the Data Controller for your personal information. We are registered with the Information Commissioner's Office under registration reference Z5765988.

We have a legal responsibility to make sure that all data collected, obtained and processed receives the highest level of protection and is safeguarded from loss and unauthorised processing.

Your rights

The Data Protection Act provides you with the following rights:

  • The right to a subject access request to find out what personal data is held about you.
  • The right to prevent processing of personal data
  • The right to prevent process for direct marketing
  • Your right in relation to automated decision-taking - for e.g. individuals have a right to object to automated decisions made them where there has been no human involvement
  • The right to compensation for damage or distress caused by a breach of the Act.
  • The right to rectify, block or erase inaccurate data held on file
  • The right to ask the Information Commissioner to assess your case if personal data has not been processed in accordance with the Data Protection Act.

Consent to re-use information

All personal data supplied to the Council must be used for the purpose it was specified for.

If we wish to process existing information for a new purpose, we must tell you of this change by law, and ask for your consent.

There are some exemptions that apply to the Act where we do need to get your consent:

  • the data is required by statutory or legal obligations - for e.g. CSA, DWP etc.
  • disclosure is in the vital interests of a person - for example it is a life or death situation.
  • disclosure will prevent injury or harm to a person's health.
  • disclosure will prevent / detect crime or the apprehension of offenders (s29).
  • disclosure will help with the assessment or collection of Council tax or duty.
  • disclosure is considered in the public interest - for example in respect of a criminal activity.
  • the data is considered to be in the interests of national security.
  • the information is used for research, historical or statistical purposes.
  • information is covered by legal privilege.
  • a court order is provided - although this can be challenged. This could possibly be challenged if for example a "safe address" of a person living in fear was to be revealed.
  • there is a departmental requirement to carry out a Council's statutory function.
  • disclosure is necessary for the purpose of obtaining legal advice, or establishing, exercising or defending the Council's legal rights (s35).

Under this requirement we are also exempt from Electoral Registration changes or where data consists of our intentions with regards to negotiations with individuals.

If you need advice about the information requested

The Council can offer guidance and advice about the information you have requested.

Contact the person who dealt with your request.

If your data is incorrect

The Council is legally obliged under the Data Protection Act to keep personal data accurate and up to date.

If you believe the personal data we hold about you is inaccurate you will need to make a request in writing to inform us of the data inaccuracy(s).

The Council has 21 days to respond to your notification and agree to either update your details or record a file disagreement notice.

If you are dissatisfied with this decision you can appeal to the Council's Records Management Team for further advice in the first instance.

Any further action will need to be taken up with the Information Commissioner who will independently review your case.

What to do if you have a data protection concern

If you have any concerns or queries about how your personal information is being held or used, please contact the Information Governance team:

Information Governance
South Tyneside Council
Town Hall and Civic Offices
Westoe Road
South Shields
NE33 2RL

Phone: 0191 424 6539

Email: data.protection@southtyneside.gov.uk

If you are not satisfied with the Council's response

If you are dissatisfied with the Council's response to your concern, you can submit a compliant to the Information Commissioner's Office.

The Information Commissioner is responsible for enforcing the Data Protection Act and has a duty to investigate all complaints.

All reviews conducted by the Information Commissioner should have exhausted the Council's internal review procedures. Failure to abide by this may result in the Information Commissioner reverting the matter back to the Council for a second review.

Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 01625 545 745
Fax No: 01625 524 510
Email: mail@ico.gsi.gov.uk
Website: Information Commissioner

How to make a claim for compensation

If you feel the Council has not abided by the legal requirements of the Act and has caused you unforeseen damage or distress, you may in some circumstances be able to make a claim for compensation.

All claims will need to be quantified in terms of costs and distress.

You will need to appoint a solicitor to act on your behalf to make a claim through the courts.

All claims will need to be supported by documented evidence that emphasises that the Council has not taken reasonable steps to make sure that they're compliant with the Act, and that as a result damage or distress has been incurred.

Accessing personal data

Accessing personal data about other people

You only have right of access to your own personal data.

You do not have right of access to personal data about any other individual, such as your family, friends or neighbours except in the following circumstances:

  • you are a parent requesting information about a child but there is no automatic right to the data. If a child is old enough to give informed consent and understands the contents of the information, the council will be guided by their wishes. In most cases children aged 13 and above are regarded as having sufficient maturity to respond to such requests but each case will be judged on its own merits. In all cases disclosure would only occur if it is in the best interests of the child.
  • a solicitor is requesting information on behalf of a client - a signed authority form from the person concerned is required
  • an agent or family person has written authorisation to act on behalf of a person.

Getting your information

You can usually get your information, but there are exemptions under the Data Protection Act that prevent certain records being released.

The main exemptions are as follows:

  • Law enforcement - catching or prosecuting offenders
  • National security
  • Assessing or collection of taxes/duties
  • Adoption records and reports
  • Examinations marks and examinations comments
  • Personal data about someone
  • Information that would identify someone who has supplied data in confidence about you.

In circumstances where data held on you relates to another person, the Council will need to ask for their permission before this information can be released.