Toggle menu

Element (09): Data Protection

In order to deliver services to the various communities in West Lothian, West Lothian Council requires gathering and processing personal data about residents, staff and other individuals.

Data Protection law regulates the processing of personal data by West Lothian Council. Data Protection law gives individuals a number of rights. This includes the right to be advised of, and receive copies of, any personal data relating to them which is held by West Lothian Council.

Data Protection law is enforced and promoted by the Information Commissioner's Office (ICO). The ICO provides guidance and advice on complying with the terms of the law and investigate complaints regarding possible breaches of the obligations defined within the law.

The Information Commissioner maintains a register of fee payers listing all Data Controllers in the UK. Every organisation that processes personal information are required to pay a fee to the ICO, unless they are exempt. West Lothian's registration can be viewed on the Information Commissioner's Office (opens new window) website, registration number Z6925127.

Data Protection law sets out data protection principles which must be complied with when the council is processing personal data. The principles require that personal data is:

  • processed lawfully, fairly, and in a transparent manner;
  • collected for specified, explicit and legitimate purposes;
  • adequate, relevant and limited to only what is necessary;
  • accurate and, where necessary, kept up to date;
  • kept for no longer than is necessary;
  • processed in a manner that ensures appropriate security, including protection against accidental loss, destruction or damage, using appropriate technical or organisational measures.

The Head of Corporate Services is the Council's Data Protection officer and has responsibility for monitoring data protection compliance throughout the council. Each Head of Service has nominated an Information Liaison Officer (ILO). The ILO is responsible for providing routine advice on Data Protection to the Head of Service and other officers and for co-ordinating responses to Subject Access Requests. The ILO also acts as the service representative on the Council's Information Management Working Group, which is chaired by the Data Protection Officer.

The council has an Information Governance Policy (PDF, 217 KB)(opens new window) to ensure that the council complies with the requirements of Data Protection law. The Policy is regularly reviewed by the Data Protection Officer and Information Management Working Group. In addition, the council has developed general guidelines for officers to ensure compliance with the responsibilities of the council when processing personal data. Other policies and procedures are in place that cover the use of mobile electronic devices, the use of council e-mail and internet systems, the application of passwords to electronic information, the disposal of IT hardware etc.

The Council enter into agreements (Data Processing/Sharing Agreements) where a third party requires to be provided with personal data to allow it to deliver a service on behalf of the council. The Council also ensure that Information Sharing Protocols are entered into when the council is proposing to share personal data in circumstances which are permitted in terms of the data protection principles.

All council officers are required to undertake mandatory data protection and information security training to ensure that personal data is processed in accordance with the data protection principles.