Some of the words and terms we use might appear obscure. This glossary is designed to help you understand these and provide you with the opportunity to achieve a better understanding of the work we do.
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
- Corporate subscriber (Privacy and Electronic Communications Regulations)
-
This includes corporate bodies such as a limited company in the UK, a limited liability partnership in England, Wales and N. Ireland or any partnership in Scotland. It also includes schools, government departments and agencies, hospitals and other public bodies eg the Information Commissioner's Office.
^ Back to top
- Data controller (Data Protection Act)
-
A person who determines the purposes for which, and the manner in which, personal information is to be processed. This may be an individual or an organisation and the processing may be carried out jointly or in common with other persons.
- Data processor (Data Protection Act)
-
A person, who processes personal information on a data controller's behalf. Anyone responsible for the disposal of confidential waste is also included under this definition.
- Data subject (Data Protection Act)
-
This is the living individual who is the subject of the personal information (data).
^ Back to top
- Enforcement notice (Data Protection Act)
-
The Information Commissioner has the power to serve an enforcement notice if he is satisfied that a data controller has contravened or is contravening the data protection principles. The notice must set out the steps that the data controller must take to comply with the relevant requirements of the Act. The notice may be appealed to the Information Tribunal which may confirm, amend or overturn it. However, in the absence of an appeal, if the data controller fails to comply with a notice, a criminal offence is committed.
^ Back to top
- Individual subscriber (Privacy and Electronic Communications Regulations)
-
Is a residential subscriber, a sole trader or a non-limited liability partnership in England, Wales and N. Ireland.
- Information notice ( Data Protection Act and Freedom of Information Act )
-
An information notice is a written notice from the Information Commissioner to a data controller or a public authority seeking information that the Commissioner needs to carry out his functions. Failure to comply with an information notice is an offence.
- Information padlock/signpost (Data Protection Act)
-
This symbol (designed by the Information Commissioner and the National Consumer Council) acts as a signpost, so that people can tell at a glance that personal information about them is being collected and processed.
information padlock/signpost
- Information Tribunal (Data Protection Act and Freedom of Information Act)
-
The Information Tribunal hears appeals by data controllers against notices issued by the Information Commissioner under the Data Protection Act and appeals by a public authority against enforcement notices and information notices under the Freedom of Information Act. It will also hear appeals against decision notices by a complainant or a public authority.
^ Back to top
- Mail Preference Service (Data Protection Act)
-
The Mail Preference Service (MPS) is a non- profit making body set up by the direct marketing industry to help people who do not wish to receive junk mail.
When an individual provides their surname and address to the MPS, the MPS will place the information on their consumer. This is then made available to those members of the direct marketing industry who subscribe to the MPS scheme. They undertake to ensure that the mailing lists they use and supply are ‘cleaned’ of any names and addresses that appear on the MPS file. The result is that an individual should not, in future, receive their mailings.
^ Back to top
- Notification (Data Protection Act)
-
Notification is the process by which a data controller's processing details are added to a register. Under the Data Protection Act every data controller who is processing personal information needs to notify unless they are exempt. Failure to notify is a criminal offence. Even if a data controller is exempt from notification, they must still comply with the data protection principles. The Commissioner maintains a public register of data controllers available at www.ico.gov.uk . A register entry only shows what a data controller has told the Commissioner about the type of data being processed. It does not name the people about whom information is held.
^ Back to top
- Personal data
-
Personal data means information about a living individual who can be identified from that information and other information which is in, or likely to come into, the data controller's possession.
- Processing (Data Protection Act)
-
Processing means obtaining, recording or holding the data or carrying out any operation or set of operations on data.
- Public authority (Freedom of Information Act)
-
Any body, any person, or the holder of any office listed in the Freedom of Information Act, or designated by order, and publicly owned companies. Examples of some of the public authorities covered by the scheme are, government departments, local authorities, NHS bodies (hospitals, doctors, dentists, pharmacists and opticians), schools, colleges and universities, the police, the House of Commons and the House of Lords, the Northern Ireland Assembly and the National Assembly for Wales.
- Publication schemes (Freedom of Information Act)
-
The Freedom of Information Act places a duty on public authorities to adopt and maintain a publication scheme that must be approved by the Information Commissioner. The scheme lists and defines the classes of information that will be published, indicates how information is or is intended to be published, and states whether charges apply to supplying the information.
^ Back to top
- Subject access request (Data Protection Act)
-
Under the Data Protection Act, individuals can ask to see the information about themselves that is held on computer and in some paper records. If an individual wants to exercise this subject access right, they should write to the person or organisation that they believe is processing the data.
A subject access request must be made in writing and must be accompanied by the appropriate fee. In most cases, the maximum fee will be £10, but this can vary, particularly if the information requested is for health or educational records. If a subject access request is made to a credit reference agency, then the fee is £2, and the information must be provided within seven working days. A request must include enough information to enable the person or organisation to whom the subject is writing to satisfy itself as to their identity and to find the information.
A reply must be received within 40 days as long as the necessary fee has been paid. A data controller should act promptly in requesting the fee or any further information necessary to fulfil the request. If a data controller is not processing personal information of which this individual is the data subject, the data controller must reply saying so.
^ Back to top
- Telephone Preference Service and Fax Preference Service (Data Protection Act)
-
Similar schemes to the MPS exist for the Telephone Preference Service (TPS) and Fax Preference Service (FPS) which were set up onbehalf of the Director General of Telecommunications. Organisations that engage in unsolicited direct marketing by telephone and fax must not contact individuals who have registered with these opt- out schemes. Registration with the TPS and FPS can therefore help people to reduce the number of unwanted telephone sales calls or marketing faxes they receive.
^ Back to top