Strathclyde Fire & Rescue Logo
Logo

home FOI Data Protection

What does the Act mean to Strathclyde Fire & Rescue?

As an organisation that processes personal information on living identifiable individuals the Data Protection Act 1998 states that we must register with the Government's Data Commissioner. We must inform him of our purpose for processing this information. This is legally binding and there are financial penalties for failure to comply.

Do members of staff or members of the public (data subjects) have any control over what SFR holds on them?

  • Yes they do. The data subject has the right to know what information is held on them and to have the information removed if is not lawfully processed or legally obtained.
  • They have the right to access the information, see it, be given copies of it or be given a written summary of what is held.
  • This is known as subject access request. Requests should be made in writing to Data Protection Officer and the fee required is £10.
  • The Data Protection Officer has 40 days to make a full response to a request.

The 8 Principles of the Data Protection Act are:

  • Processed fairly and lawfully
  • Obtained for specific and lawful purposes and not for any other purposes
  • Adequate, relevant and not excessive
  • Accurate and kept up to date
  • Kept only for as long as necessary
  • Processed in accordance with the rights of the data subject
  • Secure
  • Not transferred to countries without adequate protection

We need to identify

  • The information we hold
  • Why and how we hold it
  • How long we hold it for
  • Who we share it with

How do we do that?

By carrying out a data audit

What is a data audit?

A collation of all the personal information that SFR holds - how is it held, why is it held, how long it is held and who is it shared with

Personal Information

This can be sensitive or non-sensitive data that SFR has about you or members of the public

What is sensitive data?

  • Religious or other beliefs
  • Racial or ethnic origin
  • Sexual Life
  • Trade union membership
  • Political opinions
  • Physical or sexual health

What is non-sensitive data?

  • Name
  • Address
  • Telephone numbers

Once we have collected all the information we must make sure that:

  • We are processing information according to the 8 principles of the Act
  • That we only process it for the purpose highlighted in our Notification to the Information Commissioner

If we are not, we have to act quickly as failure to comply can result in heavy financial penalties. We must either:

  • Change the Notification - if there is a definite need for us to process the information
  • Destroy the information we cannot justify holding (as confidential waste)

How does the Act affect us when we are carrying out our day to day work?

  • When carrying out our daily tasks, we become data processors using personal information and we have a duty to work within the 8 Principles of the Act.
  • Heads of Departments/Services are data managers and they have responsibility for ensuring their teams work according to the principles and for ensuring that information is processed correctly.
  • There are heavy financial penalties for failure to comply.

Definitions of the Data Protection Act

  • Personal Data - Data from which a living individual, or living individuals, may be identified.
  • Data Subjects - The person(s) to whom the information refers.
  • Data Controller - The organisation capturing, storing and processing Personal Data.
  • Data Processor - Third party processing data for or on behalf of the Data Controller.

Subject Access

The subject access provision of the Data Protection Act 1998 states individuals have the right to a copy of any personal data held on them.

Section 7 of the Data Protection Act 1998 states that a "data subject" is entitled, upon request, to be informed whether or not personal data is held or processed about them.

Subject access requests cannot be accepted via email.

Should you wish to make a request for subject access you can download a subject access request form and forward the completed form by post, along with payment and proof of identity to:

Sharon Reid - FOI/DP Officer
Strathclyde Fire & Rescue Headquarters
Bothwell Road
Hamilton
ML3 0EA
Tel: 01698 300999 (ask for Sharon Reid)
Email: sharon.reid@strathclydefire.org

If you require further information regarding the Data Protection Act you can visit: www.dataprotection.gov.uk