Newbrough Parish Council Data Protection Policy

Newbrough Parish Councils Data Protection & Information Security Policy
Newbrough Parish Council recognises its responsibility to comply with the Data Protection Act 1998 which regulates the use of personal data. The Data Protection Act 1998 sets out high standards for the handling of personal information and protecting individuals’ rights for privacy. It also regulates how personal information can be collected, handled and used. The Data Protection Act applies to anyone holding personal information about people, electronically or on paper. This data does not have to be of a sensitive nature; it can be as little as a name and address.
Newbrough Parish Council has a number of procedures in place to ensure that it complies with The Data Protection Act 1998 when holding personal information. The Parish Council has also notified the Information Commissioner that it holds personal data about individuals. When dealing with personal data, Newbrough Parish Council staff and Councillors will ensure that they follow the eight Data Protection Principles which are:-
1. It must be collected and used fairly and within the law.
2. It must only be held and used for the reasons given to the Information Commissioner.
3. It can only be used for those registered purposes and only be disclosed to those people mentioned in the register. It cannot be given away or sold unless you said you would to begin with.
4. The information held must be adequate, relevant and not excessive when compared with the purpose stated in the register. So you must have enough detail but not too much for the job that you are doing with the data.
5. It must be accurate and be kept up to date. There is a duty to keep it up to date, for example to change an address when people move. (A data controller can keep data for any length of time if it is being used for statistical, historical or research purposes).
6. It must not be kept longer than is necessary for the registered purpose. It is alright to keep information for certain lengths of time but not indefinitely. This rule means that it would be wrong to keep information about past customers longer than a few years at most.
7. The information must be kept safe and secure. This includes keeping the information backed up and away from any unauthorised access. It would be wrong to leave personal data open to be viewed by just anyone.
8.The files may not be transferred outside of the European Economic Area.
Storing and accessing data
Newbrough Parish Council recognises its responsibility to be open with people when taking personal details from them. This means that Councillors and staff must be honest about why they want a particular piece of personal information. If, for example, a member of the public gives their phone number or address to staff or a member of Newbrough Parish Council, this will only be used for the purpose it has been given and will not be disclosed to anyone else without the person’s permission.
Please make Councillors and staff aware when making complaints or queries if you wish these to remain confidential. All data is kept within a secure setting & work laptops are password protected. Newbrough parish clerk is the Data Controller & will be able to answer any queries you have regarding our use of data, storage & access as well.