1. How should my information be handled?
2. Getting information about yourself
3. Getting information held by credit agencies
4. Getting records held by public authorities
5. Correcting information about yourself
6. Preventing or stopping unwanted marketing
7. Stopping automated decisions
8. Claiming compensation
9. Feedback and comments


1. How should my information be handled?

Many organisations hold and use information about us. This could just amount to our name and address or it could be information on what products we like to buy in supermarkets.

Problems arise if the information held about you is incorrect, out of date or if an organisation uses this information against your wishes. The Data Protection Act 1998 built on previous legislation to protect further your right to privacy. It has very strict rules about how exactly personal information is used.

It sets out eight principles to ensure that this information is handled correctly. These state that information or ‘data’ should be:

  • Fairly and lawfully used

  • Used for limited purposes

  • Adequate, relevant and not excessive

  • Accurate

  • Not kept for longer than is necessary

  • Dealt with in a transparent manner

  • Secure

  • Not transferred to other countries without adequate protection


2. Getting information about yourself

You have the right to find out what information is held about you. This information can be held either on computer or on paper records and applies to any organisation or individual.

You can write to the person or organisation you believe holds information about you. They have to reply within 40 days. The information commissioner has a leaflet on your right to know, which includes a sample letter to send to organisations holding information about you.

Information held in emails: You can access information held about you in emails. An organisation has to disclose this information if the emails within its system:

  • Identify living individuals

  • Are held in live, archive or back-up systems, or have been deleted from the live system but can still be recovered

  • Are stored as print outs
There are exceptions to this rule and these are more fully explained in the information commissioner’s leaflet on access to personal data contained in e-mails.

The Data Protection Act doesn’t prevent employers from monitoring their workers, even through email. However, they will have to prove that there is good reason, such as a criminal investigation or a strong suspicion that the employee is breaking company rules. Employers cannot spy on employees as a matter of course.

Information online: You can protect your privacy on the internet. Information online is also bound by the eight principles of data protection. For example, if a company keeps your credit card details after you have made an online purchase, they have to be able to prove that they kept it for a good reason and that the information is accurate and up-to-date.

Your internet service provider (ISP) will have a lot of detailed information about you. You have the right to find out what information your ISP or any other service or website provider has about you. Email addresses are personal data and you can be asked to be removed from directories or mailing lists.

However, information you provide to a website or via email anywhere in the world may not be protected by data protection legislation so you may not be able to access this information about yourself. The information commissioner as a guide on protection of privacy on the internet.



3. Getting information held by credit agencies

You have the right to see what information credit agencies have about you. You can request a copy of your credit history or information about your financial situation. Read the iCan guide on How to repair your credit rating for more information on the issue. The information commissioner also has a leaflet on common complaints about credit information.



4. Getting records held by public authorities

You can access information about yourself held by public authority institutions such as your local council.

Local Authority Housing Records: You can access residential tenancy records (for example, information on mortgages and payments) held by:

  • ‘Housing Act local authorities’ and housing action trusts in England and Wales

  • Scottish Homes, local authorities, joint committees of two or more local councils or any council-controlled trust in Scotland

  • The Northern Ireland Housing Executive
Information may be withheld if the disclosure would affect the prevention, detection or prosecution of a crime, or if it identifies other people. The information commissioner has a leaflet on rights of access to local authority housing records.

Education records: School students and their parents have the right to see educational records. Students should also be given a description of the information that makes up the record and details of how their record has been used and who may have seen it. The only exceptions to this are pieces of information that:

  • May harm the physical or mental health of the student

  • Identify other pupils

  • Form part of court reports

  • Affect the prevention, detection or prosecution of a crime
The information commissioner has a leaflet on the right of access to education records in England. The Data Protection Act also covers the right of access to education records in Northern Ireland.

Parents in Scotland have the right to view their child’s educational records within 15 days of a request under the Pupils' Educational Records (Scotland) Regulations 2003. You can read more about this at the Scottish Executive’s Parentzone website.

Parents in Wales also have the right to view their child’s educational records within 15 days of a request under the The Education (Pupil Records) (Wales) Regulations 2001.

Social Services records: You can access records held by:

  • A local social services authority in England and Wales

  • A social work authority in Scotland

  • A Health or Social Services Board or Trust in Northern Ireland
You can request information yourself or through a solicitor or advice worker. Parents or legal guardians can request information on behalf of children or people with mental handicaps. But there are circumstances in which information may be withheld. For more information on accessing social service records, read the information commissioner’s leaflet on rights of access to social services records.

Medical records: Everyone has the right to have a copy of their medical records. The records should be presented in a format which a patient will understand.

You can read the iCan guide, How to access your medical records for full details and there is more on this in the information commissioner’s leaflet on access to health records.

Employment records: Employees have a right to know what information past, current or prospective employers have about them.

There are limitations on your right to see references. You only have a right to view a reference about yourself when it is in the hands of the people who received or requested it. But they can still take steps to protect the identity of the author, which may mean you don’t get all the information contained in the reference. You can challenge information you consider wrong or misleading especially when it could have an adverse effect on you, as a reference may. You can read the information commissioner’s code of practice on employment records.



5. Correcting information about yourself

You have the right to get incorrect information about yourself changed or destroyed. Write to the organisation and inform them of the mistake. In your letter you should state:

  • Your identity

  • The information to which you are referring

  • What should be done to correct the information
The information commissioner has a leaflet on what to do about incorrect information.



6. Preventing or stop unwanted marketing

You have the right to stop organisations from using personal information to market you with products, services or ideas. If you are being targeted by direct marketing, you can tell the organisation to stop or you can tell them not to begin processing your information for marketing purposes. The information commissioner has a leaflet on preventing unsolicited marketing.

You can put a stop to unwanted direct mail through mailing preference service. You can also put a stop to unwanted phone calls from organisations who telephone you with offers and services you don’t want to receive through the telephone preference service.



7. Stopping automated decisions

You have the right to prevent decisions being made about you, which are based on the automatic processing of personal information. For example, some companies may choose who to call up for a job interview based on a random selection of names by a computer (like a lottery). You can put a stop to this and make sure your application or information is considered according to its individual merits.

The information commissioner has a leaflet on preventing decisions based on automatic processing.



8. Claiming compensation

If you have suffered damage or distress as a result of somebody failing to comply with the Data Protection Act, you have the right to claim compensation.

As an individual you can claim compensation from an organisation for damage or distress caused by breach of the Data Protection Act 1998.

The information commissioner has a leaflet on claiming compensation under the Data Protection Act.



9. Feedback and comments

If this guide helped you sort something out, please tell us! It's the only way we'll find out whether people think iCan is useful. To send us an email, please go to the Contact us page and choose the "Tell us your success" option.

Or you can add a comment below, which will appear on the guide for everyone to see.

COMMENTS
If you've got something to say about this article you can add a comment. If you'd like to write something longer or on a different subject, why not write an article, case study, or guide?

Add your comment
  The views expressed in these comments are those of the contributors and not the BBC
  If you think the iCan rules have been broken, please tell us.
Most recent comments:

It would be very helpful if there was a companion piece developed from the point of view of an individual who is concerned that they (or a group for which they are responsible) may have liabilities under the Data Protection Act. One reason why it is difficult to involve volunteers as organisers nowadays is a perception that running anything is so complicated that ordinary people are bound to get into trouble.
Comment contributed by: Rosemary Rodd, Cambridge, on 30 March 2004 at 12:05
Click here to register a complaint about this entry

MORE ON SUBJECT
Campaigns
Stop & Prevent Identity (ID) Theft
Boycott RFID Tags
Reclaim our Roads
Articles
ID cards: an iCan briefing
BRIAN BLAKE 79 THE COUNCIL TAX FIASCO
drug drivers
Guides
How to protect your information using the Data Protection Act
How to access your medical records
How to keep financial records
Organisations
Freedom of Information and Data Protection Unit
Notags
Watching Them, Watching Us
Campaign for Freedom of Information
Office of the Information Commissioner
Issues
Access to medical records
Personal rights
Information & privacy
Data protection
Personal information access
Access to credit rating records
Access to education records
Access to housing records
Access to public records