Handling Personal Information Policy

1. The City Council needs to collect and use information about people it deals with, including service users, employees, contractors and others.  The Council is, in some cases, required by law to process personal information.
   
   
2. All this personal information must be dealt with properly no matter how it is collected, recorded or used.  This applies whether or not the information is held on paper or in a computer or recorded by some other means.  The Data Protection Act 1998 and other law requires that information is properly handled at all times.

1. People who give the Council their personal information should be able to trust it to handle that information lawfully, fairly and with due regard to their rights at all times.
   
   
2. The success of the Council's operations often depends on the people it deals with having confidence in its procedures, especially those which involve their personal information.
   
   
3. This policy clearly spells out the commitments that the Council gives to everyone it holds personal information about.  This policy has been widely distributed and all staff who handle personal information are aware of it.

The City Council will make sure that it:

• complies with the law about personal information and adopts the best practice in handling it at all times
  
  

• complies with the Data Protection principles in the Data Protection Act 1998
  
  

• processes personal information fairly and lawfully
  
  

• clearly specifies the purposes for which personal information is to be used
  
  

• processes personal information only to the extent needed to fulfil its legal obligations and other responsibilities
  
  

• checks (where possible) the quality of the personal information it handles
  
  

• keeps personal information for the minimum necessary time
  
  

• respects the rights of people about whom information is held (for example the right of access to personal information; the right to have it corrected, etc, in appropriate cases)
  
  

• takes appropriate security measures to safeguard personal information
  
  

• does not transfer personal information abroad inappropriately
  
  

• only withholds personal information from the person it is about when this is allowed by law and is justified in the circumstances.

This policy was approved by Cabinet on 8th April 2002 and took effect on that date.  It replaced the 1991 Council Policy on Access to Personal Information.