You are Here : Council  >  Council and Democracy  >  Data Protection
Saturday , February , 24 2018

Carlisle City Council

The Data Protection Act 1998  imposes stringent requirements that any organisation holding personal data must comply with. The legislation states that all processing undertaken must be fair and lawful, accurate and up-to-date, and that the data is adequate, relevant, not excessive and is held for no longer than is necessary. It is also mandatory that appropriate technical measures are taken to prevent unauthorised or unlawful processing or disclosure of data. This includes accidental loss or destruction of, or damage to, personal data.

Personal data can only be processed if at least one 'condition for processing' applies. These conditions are set out in the Act and include consent, a legal obligation or the processing is necessary for the performance of a contract. The rules also introduce "sensitive personal data", which includes any information that details racial or ethnic origin, political affiliations, sexual orientation, religious or other beliefs. This data demands greater protection and one of the following must be true: an individual's explicit consent is required; is a legal requirement; to protect the vital interests of the individual. Where consent is obtained, the individual must be made fully aware of the purposes for which the data is to be used and of any recipients.

Data held in manual or paper form is subject to the Act.

Individuals' rights are enshrined in provisions to enable anyone to see a full description of the data held about him, on payment of a fee. This information has to be altered if it is inaccurate or likely to cause damage or distress (subject to an exemption).

Individuals can also request details of how automatic decision-making processes operate. This can impact on the use of data for direct marketing, either by mail or telephone. Compensation can be claimed for damage caused by breach of the Act.

Data Protection Policy

Carlisle City Council's Data Protection Policy is based on the Data Protection Act 1998. It should be read in conjunction with the Appendices and the Definitions Section, which contain details of some of the terms used throughout this policy. The policy document is maintained by the Council's Information Officer.

  • Definitions
  • Statement of intent
  • Fair and lawful processing
  • Consent
  • Security measures
  • Transfers overseas

More information on these definitions are available in the FAQ below, If you have any queries regarding the City Council's Data Protection Policy, please contact:

Information Officer
Civic Centre

Tel: 01228 817165
E-mail: [email protected]

  Data Protection - FAQ

Releasing CCTV for evidence

Arguably, CCTV is one of the most powerful tools to be developed during recent years to assist with efforts to combat crime and disorder whilst enhancing community safety. Equally, it may be regarded by some as the most potent infringement of people's liberty.

If users, owners and managers of such systems are to command the respect and support of the general public, the systems must not only be used with the utmost probity at all times, they must be used in a manner which stands up to scrutiny and is accountable to the very people they are aiming to protect. Carlisle City Council is committed to the belief that everyone has the right to respect for his or her private and family life. Although the use of CCTV cameras has become widely accepted in the UK as an effective security tool, those people who do express concern tend to do so over the handling of the information (data) which the system gathers.

Primary request to view data

Primary requests to view data generated by a CCTV system are likely to be made by third parties for any one or more of the following purposes:

  • providing evidence in criminal proceedings
  • providing evidence in civil proceedings or tribunals
  • the prevention of crime
  • the investigation and detection of crime (may include identification of offenders)
  • identification of witnesses.

Disclosure in these circumstances is permitted under section 29(3) of the Data Protection Act 1998, which relates to (the prevention or detection of crime and the apprehension or prosecution of offenders), and under section 35 of the Data Protection Act which relates to disclosures required by law or made in connection with legal proceedings. 

Third parties, which are required to show adequate grounds for disclosure of data within the above criteria, may include, but are not limited to:

  • police
  • statutory authorities with powers to prosecute, (eg Customs and Excise; Trading Standards, etc.)
  • solicitors
  • claimants in civil proceedings
  • accused persons or defendants in criminal proceedings
  • other agencies, (as agreed by the council and notified to the Information Commissioner) according to purpose and legal status.

If your organisation needs to request CCTV footage (that is held by us) for the purposes of preventing or detecting crime, the apprehension or prosecution of offenders, please use the CCTV Data Protection Act s29(3) request form (police and statutory enforcement bodies) in the downloadable documents section below. 

Secondary request to view data

A 'secondary' request for access to data may be defined as any request being made which does not fall into the category of a primary request. Before complying with a secondary request, the council shall ensure that:

  • the request does not contravene, and that compliance with the request would not breach, current relevant legislation, (eg Data Protection Act 1998, Human Rights Act 1998, section163 Criminal Justice and Public Order Act 1994, etc);
  • any legislative requirements have been complied with, (e.g. the requirements of the Data Protection Act 1998, Freedom of Information Act 2000 and Enviromental Information Regulations 2004);
  • due regard has been taken of any known case law (current or past) which may be relevant; and
  • the request would pass a test of 'disclosure in the public interest'.

If you or your organisation need to request CCTV footage (that is held by us), and the footage is not of yourself or and is not required for the purposes of the prevention or detection of crime or the apprehension or prosecution of offenders, please use the CCTV Freedom of Information Act/Environmental Information Regulations general request form in the downloadable documents section below.  These requests will be treated under the general provisions of the Freedom of Information Act 2000, or if the information is about the environment, the Environmental Information Regulations 2004. 

Individual subject access under data protection legislation

Under the terms of the Data Protection Act 1998, individual access to personal data, of which that individual is the data subject, (eg the person in the footage) must be permitted providing:

  • the request is made in writing
  • a specified fee is paid (£10)
  • the council is supplied with sufficient information to satisfy themselves of the identity of the person making the request
  • the person making the request provides sufficient and accurate information about the time, date and place to enable the council to locate the information which that person seeks, (it is recognised that a person making a request is unlikely to know the precise time. Under those circumstances it is suggested that within one hour of accuracy would be a reasonable requirement)
  • the person making the request is only shown information relevant to that particular search and which contains personal data of her or him self only, unless all other individuals who may be identified from the same information have consented to the disclosure.

In the event of the council complying with a request to supply a copy of the data to the subject, only data pertaining to the individual should be provided, (all other personal data which may facilitate the identification of any other person should be concealed or erased).

The council is entitled to refuse an individual request to view data under these provisions if insufficient or inaccurate information is provided, however every effort should be made to comply with subject access procedures and each request should be treated on its own merit.
In addition to the principles contained within the Data Protection legislation, the council should be satisfied that the data is:

  • not currently and, as far as can be reasonably ascertained, not likely to become, part of a 'live' criminal investigation
  • not currently and, as far as can be reasonably ascertained, not likely to become, relevant to civil proceedings
  • not the subject of a complaint or dispute which has not been actioned
  • the original data and that the audit trail has been maintained
  • not removed or copied without proper authority
  • for individual disclosure only (ie to be disclosed to a named subject).

If you need to request CCTV footage of yourself (that is held by us), please use the CCTV Data Protection Act Subject Access Request form in the downloadable documents section below. 

For more information please contact the council's Corporate Information Officer

Telephone: 01228 817165

E-mail: [email protected]

Corporate Information Officer
Carlisle City Council
Civic Centre

This A to Z of services list provides links to service pages alphabetically