Data Protection
Transfers overseas
The Data Protection Act 1998 states that "Personal data shall
not be transferred to a country or territory outside the European
Economic Area (EEA - EU Member states together with Iceland,
Liechtenstein and Norway - a list of all countries who the
Commissioner deems to have adequate protection will be on the
Information Commissioners website), unless that country or
territory ensures an adequate level of protection for the rights
and freedoms of data subjects in relation to the processing of
personal data...". Although Carlisle City Council has no direct
dealings in personal information with any country outside the
legislation, this statement becomes important with the emergence of
the Internet and the Councils' increased use of web technologies.
Any individuals whose personal details (name, picture, etc) appear
on our websites, will have been equipped with the full implications
of doing so, and have given their "informed" consent for their
personal details to be processed in such a way.
Appendix (a)
The Information Officer, along with departmental
representatives, will endeavour to meet on an annual basis to
discuss, amongst other things, the life of data currently held by
their departments and whether some data might have outlived its
purpose. This will include reviewing the policy of archive and
storage, and disposing of magnetic and paper copies of sensitive
data.
All sensitive data on paper will be collected by a licensed
confidential waste disposal for shredding, this will be followed by
certification that the correct number of bags were destroyed, and
on what date. This should tie in with the records kept by the
individual departments, so that every bag sent for destruction is
accounted for.
PC diskettes will be electronically wiped where appropriate, or
totally destroyed. Tapes used by the major corporate systems, are
physically destroyed, or overwritten.