You are Here : Council  >  Council and Democracy  >  Data Protection
Wednesday , February , 21 2018

Carlisle City Council

The Data Protection Act 1998  imposes stringent requirements that any organisation holding personal data must comply with. The legislation states that all processing undertaken must be fair and lawful, accurate and up-to-date, and that the data is adequate, relevant, not excessive and is held for no longer than is necessary. It is also mandatory that appropriate technical measures are taken to prevent unauthorised or unlawful processing or disclosure of data. This includes accidental loss or destruction of, or damage to, personal data.

Personal data can only be processed if at least one 'condition for processing' applies. These conditions are set out in the Act and include consent, a legal obligation or the processing is necessary for the performance of a contract. The rules also introduce "sensitive personal data", which includes any information that details racial or ethnic origin, political affiliations, sexual orientation, religious or other beliefs. This data demands greater protection and one of the following must be true: an individual's explicit consent is required; is a legal requirement; to protect the vital interests of the individual. Where consent is obtained, the individual must be made fully aware of the purposes for which the data is to be used and of any recipients.

Data held in manual or paper form is subject to the Act.

Individuals' rights are enshrined in provisions to enable anyone to see a full description of the data held about him, on payment of a fee. This information has to be altered if it is inaccurate or likely to cause damage or distress (subject to an exemption).

Individuals can also request details of how automatic decision-making processes operate. This can impact on the use of data for direct marketing, either by mail or telephone. Compensation can be claimed for damage caused by breach of the Act.

Data Protection Policy

Carlisle City Council's Data Protection Policy is based on the Data Protection Act 1998. It should be read in conjunction with the Appendices and the Definitions Section, which contain details of some of the terms used throughout this policy. The policy document is maintained by the Council's Information Officer.

  • Definitions
  • Statement of intent
  • Fair and lawful processing
  • Consent
  • Security measures
  • Transfers overseas

More information on these definitions are available in the FAQ below, If you have any queries regarding the City Council's Data Protection Policy, please contact:

Information Officer
Civic Centre

Tel: 01228 817165
E-mail: [email protected]

  Data Protection - FAQ

Security measures

The Council has implemented appropriate security measures in line with the Data Protection Act 1998. In particular unauthorised staff and other individuals are prevented from gaining access to personal information. Appropriate building security is in place with visitors being received and supervised when outside public areas, where information about individuals is stored. Computer systems are installed with password controls and, where necessary, audit and access trails to establish each user is fully authorised. In addition, employees are fully informed about overall security measures and the importance of their role in the success of those measures.

Security arrangements are reviewed regularly. All new computer systems will be designed to provide appropriate security measures for the level of personal data being processed. The necessary level of security for each new system will be judged on the sensitivity of the data to be administered, and this will be brought to the attention of third party suppliers when tendering for new systems, and will be part of any new contracts.

Officers of the Council will not under any circumstances take sensitive personal data home, or access personal data from home, for use on home computers, or on a Council laptop/notebook PC. This information will not be downloaded, carried home on memory sticks/CDs, printed out and carried home, or e-mailed to ones' own e-mail address. The Council is covered to hold personal data, for the notified purpose(s) and although the processing may be legal, the appropriate security measures, as discussed above, would not be in place to do such processing at home. The processing/carrying of some information may be permitted, but this will be judged on an individual basis, and there must be adequate security arrangements for the level of data, for example, password protection or encryption.

This A to Z of services list provides links to service pages alphabetically