Specifically the Principles require the following:
Personal data shall be processed fairly and lawfully, and, in particular, shall not be processed unless specific conditions for processing are met.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Personal data shall be accurate, and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of individuals under this Act.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal data.
SCC will also undertake the following:
Observe fully the conditions regarding the fair collection and use of information.
Meet its legal obligations to specify the purposes for which information is used.
Collect and process the appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
Ensure the quality of information used is accurate and kept up to date.
Apply strict checks to determine the retention periods of information held.
Guarantee the rights of people about whom information is held can be fully exercised under the DPA (these include the right to be informed that processing is being undertaken); ensure the public have the right of access to personal records held about them.
Individuals have the right to access one’s personal information; the right to prevent processing in certain circumstances; the right to correct, rectify, block or erase information which is regarded as wrong information.
Ensure that for all personal data, appropriate security measures are taken, both technically & organisationally, to protect against damage, loss or abuse.
Ensure that personal information is not transferred abroad without suitable safeguards.
Ensure SCC Notification is kept up to date.
When buying in services, ensure that appropriate processing agreements are in place to guarantee security.
Adopt the key principles of BS7799 – the British Standard on Information Security Management.
Regularly review this policy and safeguards that relate to it annually, to ensure that the contents are still relevant, efficient and effective.
Ensure CCTV systems are used in compliance with the DPA.
Adhere to the duty of confidence.
In addition Southampton City Council will ensure that:
There is someone with specific responsibility for data protection in the Council. This person is the Information Compliance Officer, Legal & Democratic Services.
Everyone managing and handling personal information understands that they are responsible for following good data protection practice.
Everyone managing and handling personal information is appropriately trained to do so.
Everyone managing and handling personal information is appropriately supervised.
Anybody wanting to make enquiries about handling personal information knows what to do.
Queries about handling personal information are promptly and courteously dealt with.
A regular review and audit is made of the way personal information is managed.
Methods of handling personal information are regularly assessed and evaluated by the Information Compliance Officer and Internal Audit.
Performance with handling personal information is regularly assessed and evaluated by the Information Compliance Officer and Internal Audit.
Ensure the Data Sharing Protocols are followed.
When asking for information, Southampton City Council will:
Ensure you know why we need it.
Protect it and make sure nobody has access to it that should not have.
Ensure you know if you have a choice about giving us information.
Let you know if we need to share it with other organisations to give you better public services – and whether you can say no.
Make sure we do not keep it longer than necessary.
In return we ask you to:
Give us accurate information.
Tell us as soon as possible of any changes.
Tell us as soon as possible if you notice mistakes in the information we hold about you, as this helps us keep our information reliable and up to date
If you wish to be supplied with personal information we hold about you (a subject access request), please contact the Information Compliance Officer. You can also contact the Information Compliance Officer, if you have any queries or complaints – by writing to, Information Compliance Officer, Southampton City Council, Civic Centre, North Block, SO14 7LY.
If you would like to see Southampton City Council’s Notification details, as notified to the Information Commissioner, you can visit the Information Commissioner’s website and simply enter the Council’s registration number Z4809838 in the appropriate box.
For independent advice about data protection, please contact the Information Commissioner or;
By Phone: Switchboard: 01625 545700
By Fax: 01625 524510
The Improvement and Development Agency have produced a guide specifically for local government.