The Data Protection Act applies to personal information. This is information about living, identified or identifiable individuals and includes information such as names and addresses, bank details, and opinions expressed about an individual.
The Act regulates how personal information is used and requires organisations to comply with eight principles or rules of good information handling. It also requires some organisations to tell the Information Commissioner's Office (ICO) what they use personal information for.
Personal information can be used by an organisation only where it can meet one of a number of conditions set out in the Act. In most cases, it should not be too difficult to meet one of these conditions, which include having the individual's consent or having a legitimate interest in using their personal information.
The Act does classify some personal information as "sensitive" personal information and there are stricter rules about this. This is information about:
- Racial or ethnic origin
- Political opinions
- Religious or similar beliefs
- Trade union membership
- Physical or mental health or condition
- Sexual life
- Offences or alleged offences committed
- Proceedings relating to those offences or alleged offences
You can only use sensitive personal information where you can meet one of a narrower set of conditions for processing the information, as well as being able to meet one of the conditions for processing standard personal information. These conditions make sure that this sensitive information is only used where an organisation has an essential need to use it, or where the individual has given explicit consent. You may have to get explicit consent unless you need the information to comply with legal or employment obligations or rights. As you are responsible for staff security, you are allowed to record violent behaviour towards staff. Amending a customer file in this way usually means that you have to inform the individual in question.