Local councillors should check whether they are required to register with the Information Commissioner’s Office (NYSE:ICO) as a data controller. If they handle personal data and fail to register they could face a fine of up to £5,000, reports company compliance experts London Registrars (http://www.london-registrars.co.uk/).
The ICO is contacting councillors all over the UK to inform them that it is their responsibility to register under the Data Protection Act (DPA) if in the course of their duties they handle personal data which requires them to do so. While 6,000 UK councillors are currently registered, it’s thought that up to 13,000 councillors could be in breach of the DPA obligations by failing to register and could be facing a hefty fine. Simon Entwisle, Director of Operations at the ICO explains: ‘Most councillors have regular access to the personal information of the residents they represent. Like all organisations who handle people’s information, it is of paramount importance that they take their responsibilities under the Data Protection Act seriously.’ The cost of ensuring company compliance with the DPA in the case of local councils will in most cases be borne by the council, although in some cases the councillors themselves will be forced to bear the cost as a cost-saving measure.
All company compliance with the DPA stipulates that companies must only collect personal data for a specific purpose; that this data is kept up to date and secure; that it is held for only such time as absolutely necessary; and that the subject of the data is allowed to see that data should they wish. There are specific guidelines set out by the ICO for councillors and MPs dependant on whether they are elected or prospective members of a local authority or MPs carrying out constituency casework: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/advice_elected_and_prospective_members_local_authorities.pdf.pdf.
Compliance with the DPA is vital for all companies and local authorities; failing to comply can result in substantial fines and can be a criminal offence. If you require advice on Data Protection Act compliance or indeed any advice on compliance and corporate governance, whether you are a private company, local authority or individual councillor, contact London Registrars at http://www.london-registrars.co.uk/.