In common with most large organisations, Clackmannanshire Council relies heavily on the information it collects and holds to fulfil its aims, objectives, and obligations. Information relating directly to people (personal data) is an essential Council asset which must be properly managed in order to deliver efficient and effective services, ensure legal compliance, and to protect the Council’s image as a responsible organisation.
Ensuring the continued availability, integrity, and security of personal data held by the Council is a prime corporate and service requirement. It is also an obligation under the Data Protection Act 1998 (the Act). Effective data management is essential for ensuring compliance with the Act and to make sure that confidence between the Council and service users, staff, and others with whom the Council has dealings is maintained.
Council is committed to protecting the rights of individuals by ensuring that all personal data it holds is used appropriately and lawfully. By openly promoting a process through which individuals can gain access to the personal data about them held by the Council (whether in paper or computer media format) public confidence in the Council’s procedures will be maintained. The Council’s primary aim is to ensure that all personal data processing carried out on its behalf (either in-house or by contractors or system suppliers) complies with the eight data protection principles and key legislative requirements.
Briefly, the Data Protection Act covers the collecting of personal data from any source, the storage and processing of that data (for identified purposes only), the control of onward disclosures from data sets held, and the rights of individuals to obtain copies of data about themselves. Elected members, staff, contractors and suppliers all have obligations under the Act. The Council recognises the need to raise awareness to the requirements, and also to monitor compliance. General compliance with the legislation is monitored nationally by the office of the Information Commissioner.
The Council’s Data Protection Officer (The Head of Strategy and Customer Services) has the responsibility for ensuring Data Protection Act compliance throughout the Council. Through Heads of Service and service-based data protection co-ordinators the Council will, through good management and the application of proper procedures:
The policy will be implemented by Services and monitored by the Data Protection Officer (DPO). In implementing the policy, the aim will be to ensure that:
In meeting its policy objectives, the Council will implement a range of secondary supporting policies as necessary. These secondary policies will be approved by the DPO with the aim of securing compliance with one or more of the eight data protection principles contained in the Act. They may relate to activities across the whole of the Council, or where necessary to the activities of a single service or part of a service.
These secondary policies may include:
These secondary policies will be developed by Services in conjunction with Administration and Legal Services.
The Act requires, and the Council will ensure, that there is compliance with the eight Data Protection Principles. The overall aim is to ensure that personal data is:
Senior Governance Officer, Democracy Team
Kilncraigs, Greenside Street, Alloa, FK10 1EB
Tel: 01259 450000