Notification Under the Data Protection Act 1988
Submit Articles Back to Articles
10 October 2009
Notification is a statutory requirement and every organisation
that processes personal information must notify the Information Commissioner's
Office (ICO), unless they are exempt. Failure to notify is a criminal offence.
Notification is the process by which a data controller gives the
ICO details about their processing of personal information. The ICO publishes
certain details in the register of data controllers , which is available to the
public for inspection.
There is a two-tiered notification fee. The two-tiered structure
is based on an organisation's size and turnover. A data controller will need to
assess which tier they fall in and hence the fee they are required to pay.
The fee for tier 1 is £35 and the fee for tier 2 is
£500. The ICO do not send invoices but will acknowledge receipt of payment
if requested. The period of notification is one year, after which time you will
need to renew your notification.
If you are a limited company, you must provide your registered
office address, and in all other cases, you must provide the address of your
principal place of business. If there is no place of business (eg for a small
local voluntary body), you should provide the address of the official who has
completed the form.
Only one notification is required per legal entity. This will
cover any number of different branches or addresses where the data is processed.
Some further considerations under the Data Protection Act
The Act will usually apply to a business or organisation unless
you are an individual holding personal information for your own domestic use for
example an address book.
If you are required to comply with the Act, you have a number of
to notify the Information Commissioner you are processing
information, unless you are an organisation who has personal information only
staff administration (including payroll);
advertising, marketing and public relations for your own
accounts and records (some not for profit organisations)
to process the personal information in accordance with the eight
principles of the Act; and
to answer subject access requests received from individuals.
Where the information held on a laptop or other portable device
could be used to cause an individual damage or distress, in particular where it
contains financial or medical information, they should be encrypted. The level
of protection provided by the encryption should be reviewed and updated
periodically to ensure that it is sufficient if the device was lost or stolen,
you may need to seek specialist technical advice. In addition to technical
security, organisations must have policies on the appropriate use and security
of portable devices and ensure their staff are properly trained in these. If it
is brought to the Commissioner's attention that laptops that have been lost or
stolen have not been protected with suitable encryption he will consider using
his enforcement powers.
The Data Protection Act covers computer records and some manual
records. Most computer records can easily be found about a particular person and
should be disclosed removing any third party information. Manual records need to
be in a relevant filing system. The files which form part of the relevant filing
system are structured or referenced in such a way that information about the
applicant can be easily located. Where manual files fall within the definition
of a relevant filing system, the content will either be sub-divided, which
allows the searcher to go straight to the correct category and retrieve the
information requested without a manual search, or will be indexed to allow the
searcher to go directly to a relevant page.
Jane Coyle is a trainee solicitor at Lawdit and can be
contacted at firstname.lastname@example.org
About the Author
Lawdit Solicitors offer services and
advice for litigation, commercial contracts, Intellectual Property and IT legal
agreements. We are experts in commercial law with a heavy emphasis on
Intellectual Property, Internet and e-commerce law. Lawdit is a member of the
International Trademark Association, the Solicitors' Association of Higher Court
Advocates and we are the appointed Solicitors to the largest webdesign
association in the world, the United Kingdom Website Designers Association.
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2009-10-16 19:59:59 in Legal Articles