- Q: I’m concerned that fingerprints are being taken from passengers at Heathrow’s Terminal 5? How will this affect me?
-
The Data Protection Act requires, amongst other things, that personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
At the ICO, we are addressing the issues arising from BAA's decision to fingerprint passengers at Terminal 5. This has led to them suspending the arrangement pending the conclusion of discussions with our office.
However, as these discussions now involve a number of parties, including the UK’s border control authorities, we expect that the issue may take some time to resolve. Therefore, as we are aware of this matter and are currently looking into it we do not require details of individual complaints.
We will place a statement on our website to advise when matters are concluded.
^ Back to top
- Q: I’ve heard that there is going to be a National Staff Dismissal Register (NSDR), How will this affect me?
-
Essentially, this is part of the recruitment process for companies signed up to the scheme. It acts as an extension to the reference procedures in that they can check whether a person they are planning to employ has had their details uploaded by a previous employer following dismissal. There should not be anything on the system that would not normally be included in a standard employment reference. There are strict controls on who can use the system. It is not open to every employer in the UK, only to those who have accepted and signed up to the terms of use set out by Hicom Business Solutions. This includes conditions relating to data protection and compliance with the ICO Employers’ Code of Practice.
It is reasonable for an employer to seek not to employ someone who poses a risk to their business. The employer reporting data to the register should be sure that there will be an adverse effect between what the individual has done and their employment in a similar capacity. In other words, does it render them unsuitable for employment? Dishonesty, theft, fraud etc. are all obvious factors which may be relevant. Employers using the register should consider the status and influence of the role within the organisation before using information held on the register.
Any organisation that subscribes to the register has to comply with the Data Protection Act. This includes informing employees when the register is being used, both before checking an individual's status and before entering information on the register.
If you wish to make a subject access request or have any issues about accuracy then, in the first instance, you need to raise them with the organisation which has put the information on the register. If you are not satisfied with the response then you can make a complaint to us.
^ Back to top
- Q: Which Act allows me to get my personal information? And can they charge me?
-
The Data Protection Act 1998 gives you the right to apply for a copy of your personal information. You will need to put your request in writing, by letter or email, and send it to the person or organisation you believe holds this information. Make sure to put your name and address and keep a copy. It is a good idea to make clear you are asking for the information under the Data Protection Act 1998.
Yes, under the Data Protection Act they can ask for a fee of up to £10.00 for each request made.
For more information on your rights, read Subject Access - A guide for data subjects
^ Back to top
- Q: How do I need to ask for the information?
-
You can make a request of your personal information in writing, by post, letter or fax.
^ Back to top
- Q: How long does it take?
-
They should respond to your request as soon as they can but the maximum time they have is 40 calendar days.
^ Back to top
- Q: My neighbour has CCTV cameras overlooking my property. Is this in breach of the Data Protection Act?
-
If your neighbour is a private individual e.g. the cameras are on their residential property, it is unlikely that they will be breaching the Data Protection Act because there is an exemption for domestic/household processing of personal data as long as this does not involve putting personal information on a website or otherwise disclosing it to the world at large without good reason. They may however be breaching other legislation, such as the law about harassment or voyeurism, and so may be referred to another body such as the police to investigate.
You can find out more information on our CCTV page.
^ Back to top
- Q: I think a data controller has breached the Data Protection Act. What can I do?
-
Under Section 42 an individual has the right to make a complaint to the Information Commissioners Office.
Make a complaint - Data protection
^ Back to top
- Q: What protects my personal information when it is being passed to overseas companies and call centres?
-
The Data Protection Act prohibits the transfer of personal information from the UK to other countries unless those countries can ensure the same level of protection. Organisations can also set up contracts with overseas organisations receiving personal information. This ensures that a higher standard of protection is in place than there might have been in the receiving country.
Organisations in the UK which have personal information processed on their behalf overseas are responsible for the security of your information. The UK organisation is required to make sure the company overseas complies fully with the UK Data Protection Act.
^ Back to top
- Q: I was refused credit, is there anything I can do?
-
Under the Data Protection Act you can request a copy of your credit history file, which lists the loans, mortgages and credit cards you have and whether these have been paid on time. It will also show if the payment has gone into default or been satisfied. You can apply to one or all of the main credit reference agencies (Equifax, Experian or Call Credit). If any details on your file are incorrect you should go back to the person or organisation who has put this on your record and ask them to update their records.
^ Back to top
- Q: I think my personal information is wrong. Can I correct it?
-
Under the fourth principle of the Data Protection Act, information must be accurate and up to date. If you feel that your information is not factually accurate (this is information that can be proven to be inaccurate and not an opinion of the person or organisation) you must contact the person or organisation that is holding this information and tell them you believe your information needs updating to be factually accurate under the Data Protection Act. If they fail to do this and your information still remains factually inaccurate you can contact the ICO.
^ Back to top
- Q: I am receiving unsolicited marketing information through the post. What can I do about it?
-
There are generally two things you can do if you are a private individual receiving unsolicited marketing information through the post (junk mail):
- you can register your details with the Mail Preference Service. Although it is not a legal obligation for Data Controllers to check the MPS before sending junk mail most reputable organisations will do so; or
- you can exercise your right under the Act to ‘Prevent processing of your personal data for Direct marketing Purposes’ (section 11).
^ Back to top