The Data Protection Act 1998 came into force on 1st March 2000 and affects all departments and sections within the University. It is important that all staff are aware of the principles of the new Act, which govern the collection, retention and transmission of information about living individuals and the rights of those individuals to see that information. Unlike the Data Protection Act 1984 which it replaces, the 1998 Act covers manual data (ie - that held in paper files and index systems) as well as electronic records.
The University's Data Protection Officer is Elizabeth Richardson, Senior Legal Adviser. She is assisted by David Jolly and Lisa Slater (Legal Adviser). They are all qualified solicitors based within the University Secretary's Office. They are all happy to help with specific data protection queries and can offer advice on the drafting of data protection statements, the retention of records and other related issues. Lizzie Richmond is the University Archivist/Records Manager and is responsible for the management of records throughout the University.
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promote openness by public bodies and data privacy for individuals. If the Information Commissioner is satisfied that an organisation has failed (or is failing) to comply with any of the Data Protection principles, it may serve an enforcement notice or an information notice.
An enforcement notice may require an organisation to take (or not to take) specified steps to comply with the Data Protection principles or not to process any personal data either at all or for a specified purpose or in a specified manner. An information notice will require the University to supply any information necessary to investigate whether there has been a breach of the Act. Failure to comply with an enforcement notice or an information notice is a criminal offence.
With effect from 6th April 2010 the Information Commissioner has the power to impose a financial penalty on an organisation in the event of any serious breach of one or more of the Data Protection principles, with an upper limit of £500,000 for serious breaches of the legislation. As well as imposing financial penalties on any organisation, any Director, Manager, Secretary or similar officer is personally guilty of an offence if the offence was committed with their consent or connivance or if the offence is attributable to neglect on their part.
In view of the considerable powers of the Information Commissioner’s Office, all staff need to be familiar with the principles of the Act and their obligations thereunder.
This website has been designed to provide basic guidance on data protection for all members of University staff.