You are Here : Council  >  Council and Democracy  >  Data Protection
Tuesday , April , 24 2018

Carlisle City Council

The Data Protection Act 1998  imposes stringent requirements that any organisation holding personal data must comply with. The legislation states that all processing undertaken must be fair and lawful, accurate and up-to-date, and that the data is adequate, relevant, not excessive and is held for no longer than is necessary. It is also mandatory that appropriate technical measures are taken to prevent unauthorised or unlawful processing or disclosure of data. This includes accidental loss or destruction of, or damage to, personal data.

Personal data can only be processed if at least one 'condition for processing' applies. These conditions are set out in the Act and include consent, a legal obligation or the processing is necessary for the performance of a contract. The rules also introduce "sensitive personal data", which includes any information that details racial or ethnic origin, political affiliations, sexual orientation, religious or other beliefs. This data demands greater protection and one of the following must be true: an individual's explicit consent is required; is a legal requirement; to protect the vital interests of the individual. Where consent is obtained, the individual must be made fully aware of the purposes for which the data is to be used and of any recipients.

Data held in manual or paper form is subject to the Act.

Individuals' rights are enshrined in provisions to enable anyone to see a full description of the data held about him, on payment of a fee. This information has to be altered if it is inaccurate or likely to cause damage or distress (subject to an exemption).

Individuals can also request details of how automatic decision-making processes operate. This can impact on the use of data for direct marketing, either by mail or telephone. Compensation can be claimed for damage caused by breach of the Act.

Data Protection Policy

Carlisle City Council's Data Protection Policy is based on the Data Protection Act 1998. It should be read in conjunction with the Appendices and the Definitions Section, which contain details of some of the terms used throughout this policy. The policy document is maintained by the Council's Information Officer.

  • Definitions
  • Statement of intent
  • Fair and lawful processing
  • Consent
  • Security measures
  • Transfers overseas

More information on these definitions are available in the FAQ below, If you have any queries regarding the City Council's Data Protection Policy, please contact:

Information Officer
Civic Centre

Tel: 01228 817165
E-mail: [email protected]

  Data Protection - FAQ

Fair and lawful processing

The Council will justify all processing of personal data under one of the following conditions: -

  • the data subject has given his consent to the processing;
  • the processing is necessary for the performance of a contract or the entering into a contract to which the data subject is party;
  • the processing is necessary for compliance with a legal obligation to which the Council is subject;
  • the processing is necessary in order to protect the vital interests of the data subject;
  • the processing is necessary for the administration of justice; or
  • the processing is necessary for the purpose of the legitimate interests of the Council provided such processing does not harm the legitimate interests of the data subject.

Where the Council processes sensitive personal data, at least one of the following conditions will also be true:-

  • the data subject has given his explicit consent;
  • the processing is necessary for the Council to comply with employment law;
  • the processing is necessary to protect the vital interests of the data subject, where it cannot be reasonably expected to obtain explicit consent, or to protect another persons vital interests where consent by or on behalf of the data subject has been unreasonably withheld;
  • the information contained in the personal data has been made public as a result of steps deliberately taken by the data subject - eg council members' political opinions are public by their very nature;
  • the processing is necessary in connection with legal proceedings, obtaining legal advice, and for the purpose of establishing, exercising or defending legal rights;
  • the processing is necessary for the administration of justice, functions of enactment, and functions of the Crown, a Minister of the Crown or a government department;
  • the processing is necessary for medical purposes only when undertaken by a health professional or other person who owes a duty of confidentiality which is equivalent to that which governs a health professional;
  • the processing is necessary for the commitments to Equal Opportunity and is carried out with appropriate safeguards for the rights and freedoms of data subject; or
  • the processing is specified by the relevant Secretary of State.

Departments will address their minds to the requirement to have legitimate basis for processing and continually review current processing. Failure to meet the conditions for personal and sensitive personal data will mean that The Council is in breach of the Data Protection Act 1998 and therefore subject to possible enforcement action by the Information Commissioner's Office.

When the Council collects data, the data requested will be adequate for the specified purpose(s); it will be relevant and not excessive. Carlisle City Council will hold the minimum personal data necessary to enable it to perform its functions. The Council will always inform its data subjects, when obtaining data, of all the purposes for which that data will be used. Those purposes will be notified to the Information Commissioner's Office, and the data will never be used illegally.

The Council will endeavour to ensure that all data is accurate and up-to-date, and will correct inaccuracies quickly. Carlisle City Council will only hold personal data for as long as is necessary for the notified purpose(s), after which time it will be deleted. Where details of individuals are stored for long term archive or historical reasons and it is necessary to retain personal details within the records, it will always be done within the requirements of the law.

Redundant personal data will be destroyed under the Council's procedure for the disposal of confidential waste.  In general, paper waste is shredded and magnetic media (tapes, discs and CD archives) are electronically "wiped" or physically destroyed beyond recovery.

This A to Z of services list provides links to service pages alphabetically