Data protection

The Data Protection Act 1998 sets out rules that explain how information about individuals must be handled, and applies to personal information held on computers and some manual records.

We have a duty to make sure that all personal information is handled responsibly and in a fair and legal way.

Find more information on the Data Protection Act 1998 on the information commissioner's office website.

We use personal information in a number of different ways so that we can carry out our duties. We have a set of internal policies and procedures and a range of guidance to make sure that we comply with the law.

 This area includes:

• LFEPA's responsibilities;
• the eight data protection principles;
• what information the act covers;
• who the Information Commissioner is;
• LFEPA's notification entry (a description of how we use personal information); and
• frequently asked questions

What are LFEPA's data protection responsibilities?

This area sets out our two main responsibilities under the Act. These are:

• to comply with the eight data protection principles;
• to notify the Information Commissioner every year of the types of personal information we handle and how it is used.

What are the eight data protection principles?

The eight data protection principles form the backbone of the Data Protection Act and explain how personal information must be handled. They say that all personal information must be:

• processed in a fair and legal way
• processed for limited purposes
• adequate, relevant and not excessive
• accurate
• not kept for longer than necessary
• processed in line with the rights of individuals
• kept secure
• not transferred to other countries without adequate protection measures

back to top

What information does the Act cover?

The Act covers most computer records and some paper records that contain personal information about individuals.

Every year, LFEPA informs the Information Commissioner  (the independent government body who oversees the Act) of the types of personal information it holds, how it is used and who, if anyone, it is disclosed to. This process is called notification.

For more information about the types of personal information we hold and how we use it, look at our notification entry.

back to top

Who is the Information Commissioner?

The Information Commissioner is the independent government body who oversees compliance with the Data Protection Act and the Freedom of Information Act .

The Commissioner also maintains a public register of organisations that process personal information (also known as data controllers). This process is known as notification.

back to top

What is notification?

Like all organisations that process personal information, LFEPA has a legal duty to annually renew its notification and also keep its register entry up to date throughout the year.

Each register entry contains details of:

• the types of personal information stored;
• who the information is about;
• how the information is used;
• who the information is shared with;
• confirmation of whether the information is disclosed outside of the European Economic Area.

Here is LFEPA's current notification entry. [ PDF 145kb]

For information and advice on data protection and freedom of information at LFEPA, email the Information Access Team or contact them on 020 7587 6275.

!adobe

back to top