
The Data Protection Act 1998
The Data Protection Act imposes legal requirements on the collection, storage,
processing and disclosure of personal (sensitive) information, held in structured
manual (paper) files or electronic/IT based systems. Often incorrectly cited as a
barrier to information sharing, the Act permits the processing (including disclosure)
of sensitive data, including data relating to a person’s alleged offences, if this
is necessary for the purpose of legal proceedings; the administration of justice;
or the exercise of statutory or police common law functions, or of any functions of
the Crown, Ministers, or a government department.
Personal data relates to specific information about a living individual or
information that can be used to identify an individual. The definition
applies to information already in the possession of an agency, or likely to come into
its possession.
The Data Protection Act also defines personal data as including any expression
of opinion or any proposed course of action which the agency (including those outlined
by an employee) intends to take in respect of that individual. Photographs and CCTV
images of individuals also constitute personal information within the meaning of the
Act.
Sensitive personal data is defined by Section 2 of the Data Protection Act as
specified earlier in this toolkit. Limited exemptions apply to these and include
certain categories of information associated with crime reduction activities.
The Data Protection Act requires that personal (and sensitive) data is processed
fairly and complies with the rules of good information handling, known as the 8 Data
Protection Principles and other requirements of the Data Protection Act.
Personal Data must be:
fairly and lawfully processed;
processed for limited purposes;
adequate, relevant and not excessive;
accurate;
not kept longer than necessary;
processed in accordance with the data subject's rights;
kept secure;
not transferred to countries outside the EEA without adequate protection.
Processing is widely defined by the Act and incorporates 'obtaining', 'holding',
'using' and 'disclosing' of information. Disclosure covers the actual process of physically
exchanging or sharing information with another agency.
In the context of this toolkit, it is not necessary to provide detailed consideration
of all the provisions of the Data Protection Act. Each individual agency has a responsibility
to adhere to the Act, whether information-sharing activity is undertaken or not. Normally
a Data Protection Officer will have been appointed to ensure that the organisation
is fully compliant with the Act.
However, the Act raises a number of issues which need to be considered before
information is shared between agencies.