There are 6 core principles governing the use of personal information which the council must comply with. In addition there is also a requirement to demonstrate compliance with the 6 principles.
Lawfulness, fairness and transparency
Personal data shall be processed lawfully, fairly and in a transparent manner.
Purpose limitation
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Personal data shall be adequate, relevant and limited to what is necessary.
Accuracy
Personal data shall be accurate and, where necessary, kept up-to-date.
Storage limitation
Personal data shall be kept in a form which permits identification for no longer than is necessary.
Integrity and confidentiality
Personal data shall be processed in a manner that ensures appropriate security, including unauthorised or unlawful processing and protection against loss or destruction and/or damage.
The principles are in essence a code of good practice for processing personal data.
Under the requirements of the Data Protection Act, businesses and organisations that handle personal data must register with the ICO as Data Controllers, unless they are exempt.
The council is registered with the ICO, our registration number is Z5968256.