The Data Protection Act 1998 gives you the right to find out what information is held about you on computer and some paper records. This right is known as the Right of Subject Access.
The Act also requires that those who record and use personal information (the data controller) be open about how this information is used and that anyone processing personal data comply with eight data protection principles of good practice.
The 8 principles are that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Not kept longer than necessary
- Processed in accordance with the data subject’s rights
- Not transferred to countries, which do not have adequate protection for personal data
What is ‘personal data’?
This is defined as information relating to a ‘living’ individual who can be identified either from the information itself or indirectly by combining the information with other data available to the data controller. Personal data includes expressions of opinion about the individual and any indication of intentions anyone may have in respect of the individual.
Obtaining information under Data Protection Act to prevent or detect crime
It is often the case that to prevent or detect crime, or to locate an offender the MPS must obtain information from an organisation, which may not be required under the DPA 1998 to release this information to the police.
Section 29(3) of the Act enables a ‘data controller’ to disclose this type of information, if they wish to do so lawfully. In such cases the MPS must complete a form and send it to the organisation, which may hold the information.
If you would like further details of this process, please contact the MPS Public Access Office - see related link.