Ken Macdonald, Assistant Commissioner for Scotland at the ICO, has written to every Community Council Liaison Officer in Scotland to remind them of their obligations under the Act and to explain why most community councils should notify their processing with the ICO.
Under the Act, most organizations that process individuals' personal information electronically must notify the ICO. Failure to notify is an offence and recently there have been a number of successful prosecutions of organizations for failing to notify.
"Compliance with data protection principles ensures that individuals' personal information is secure, accurate, up-to-date and processed fairly and community councils must be aware of their responsibilities," said Macdonald. "Notification is an important legal requirement of the DPA but there has been some confusion among community councils over whether they are covered by the voluntary or not-for-profit exemptions under the Act. However, whilst community councilors are volunteers, the community councils have specific powers set out in law and therefore are not considered to be not-for-profit organizations."
According to the ICO, anyone who processes personal information must comply with eight principles, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
Notification costs £35 per annum and should be made directly to the Information Commissioner's Office, based in Wilmslow. Registering can be done on the ICO Web site.
