Introduction
This policy sets out the statement of intent that Bassetlaw District Council and its staff will follow with regard to the public’s information rights. For public access this is often referred to by the name of the legislation, i.e. Freedom of Information the Data Protection Act and the General Data Protection Regulation (GDPR).
We hold information in order to provided services to the public. Where practical we make available public information through our website, in leaflets and on request. We need to restrict publication of some information because it is confidential, may have copyright attached or contains personal information about other people.
We hold personal information to provide services to individuals and an individual has a right to request access to their records and information held about them (Subject Access Request). People should be confident that we handle their personal information responsibly and in line with good practice.
This policy forms part of the Council’s information Governance Framework and will be implemented by setting standards and procedures for Council staff, with further guidance to help the public and staff.
Definitions
“We” means Bassetlaw District Council and includes all members, employees, trainees/apprentices and volunteers of the District Council and contractors, suppliers and partners delivering District Council services on our behalf.
Information is used here as a collective term to cover terms such as data, documents, records and content, audio recordings, digital and photographic images etc.
Processing is any operation or set of operations which is performed on personal information such as collection, recording, storing, alteration, retrieval, use, disclosure, destruction etc.
Personal information means any identifiable data or information relating to a living individual (i.e. a person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, online identifier etc).
Council information includes any data or information that is held by us on behalf of individuals, business, partners or that we create in order to carry out our services.
Scope
The principles and commitments set out in this policy apply to all members, employees, trainees/apprentices and volunteers of Bassetlaw District Council and to contractors, suppliers and partners delivering District Council services on our behalf.
Members of the Council should note that they are also data controllers in their own right and are responsible for ensuring any personal information they hold/use in their role as Members is treated in accordance with the relevant legislation.
Personal information
We will handle all personal information in a safe, responsible and secure manner.
We will meet our obligations to protect personal data and the rights to privacy. This will be in accordance with the principles of the General Data Protection Regulation, Data Protection and Human Rights Acts and other relevant legislation and common law.
We will consider and address the risks to personal information when we are planning to use or hold personal information in new ways. For example, when we are introducing new systems, or new ways of working.
We will review and may take disciplinary or contractual action if staff or contractors misuse or do not look after person information properly.
We may need to share personal information in order to perform our statutory duties and legal obligations.
We will provide and publish complete and current privacy notices which explain why we collect personal information, how we use and share information and the rights that people have over their data.
In some circumstances we will not rely on, or ask for, individuals’ consent to use and share their personal information. Specifically, in relation to information which is sensitive in nature, consent will not be relied on where use and/or sharing of the information is:
- In the substantial public interest and in relation to statutory functions and responsibilities or
- In the substantial public interest and in relation to the prevention or detection of crime
We will keep a record of all the types of activity where, in accordance with paragraph 16 above, consent is not required. The record will explain how our use of information complies with data protection law and how long that information is retained.
Data protection law gives individuals the right to object to their personal information being used and shared. However, there are some exemptions to this right.
We will keep a record of the types of activity where the Council may refuse a request for an individual’s information not to be used or shared. Requests will be considered on a case by case basis.
Individuals are entitled to request a copy of the personal information that is held about them my making a ‘subject access request’.
We will take reasonable steps to verify the identity of the requester prior to providing access to their personal data.
We will respond to a ‘subject access request’ as soon as possible and within the relevant statutory timescale of one calendar month from receipt.
Where reasonable and practical, we will provide the information in the format requested.
Public information
We wish to be an accountable and transparent Council and will publish and in a reusable format.
We will provide as much open access to our information as possible and through a Publication Scheme. Wherever possible, information will be available in digital format from our website.
We will provide information unless there is a legal justification for withholding it. Where we refuse to provide information, we will clearly and fully explain the reasons why.
We will state if any charges, or restrictions on use, apply in respect of requests for both general and personal information.
We will set out clear procedures for requesting and responding to format requests for general information and we will respond within the relevant statutory timescales set out in guidance for the public.
Both in respect of personal information, we will set out clear procedures for asking for an internal review if you are not satisfied with our response and will ensure your concerns are dealt with appropriately.
Both in respect of personal and public information, where a requester has made a complaint, we will advise them that they may complain to the Information Commissioner’s Office if they remain unhappy with the outcome.
In line with our Equality Policy, we will treat people fairly when they are exercising their rights and in dealing with requests for information.
Responsibilities
Bassetlaw District Council is the overall body responsible for responding to requests for information which it holds, with the legal obligations being enforced by the Information Commissioner’s Office and the courts.
Specific responsibilities for staff within the Council are as follows:
|
Staff member/group |
Responsibility |
|---|---|
|
All staff and others working on behalf of BDC |
Awareness of the relevant legislation relating to requests for information |
|
All staff and others working for or on behalf of BDC |
Understanding and adhering to monitor and report on compliance with this policy and support and advice and training |
|
Data Protection Officer |
Establish arrangements to monitor and report on compliance with this policy and provide support and advice and training. |
|
Complaints and Information Teams |
Maintaining a record of all requests for information, coordinating responses and managing liaison with the requester (except Human Resources) |
|
HR Service |
Maintaining records of all requests for information and managing liaison with requestor ( Human Resources records) |
|
All Managers |
Compliance with and implementation of this policy within their teams |
Monitoring and review
This policy and the supporting standards will be monitored and reviewed annually in line with legislation and codes of good practice
Further information
The Information Commissioners Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
External legislation related to this policy includes:
- General Data Protection Regulation 2016
- Data Protection Act 2018
- Human Rights Act 1998
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
- Local Government Acts
Version Control Number: 1.1
17 October 2018
Revised: 15 May 2019: Update to Subject Access Request.
Last Updated on Thursday, April 11, 2024