Invasion of privacy

Personal information is freely given in everyday transactions, from paying for goods at a supermarket to filling in health insurance forms.

Consequently, there is a vast amount of personal information held in databases, and the law protects our privacy in relation to this.

The Information Commissioner’s Office (ICO) (www.ico.gov.uk) is the main independent authority protecting personal information and access to public information. It has legal powers to ensure organisations comply with the Data Protection Act 1998. It can conduct assessments and audits of organisations, and can prosecute those who commit criminal offences under the 1998 Act. 

The Data Protection Act 1998

Where an organisation holds personal information about an individual on paper or on computer records, that individual has rights under the Data Protection Act 1998.

The Act allows you to ask to see information held about you and get it corrected if it is wrong. It also gives you the right to stop your personal information being used for marketing. 

Individuals can do this by writing to the organisation involved and asking for a copy of the data relating to them. This is known as a ‘subject access request’.

Individuals have the right to request and to receive information about themselves that is held on a database, and to know the source of that information.

They can prevent their data being used for advertising or marketing, and they can have any inaccurate data corrected or removed in a timely fashion.

Obligations of organisations under the 1998 Act

Organisations which store personal information must notify the ICO. Failure to do this is a criminal offence. You can search the register here: www.ico.gov.uk/ESDWebPages/search.asp

When holding personal information, organisations must comply with the eight ‘data protection principles’. Personal data must be:

• Processed fairly and lawfully.
• Obtained for specified and lawful purposes.
• Adequate, relevant and not excessive.
• Accurate and up to date.
• Not kept any longer than necessary.
• Processed in accordance with the “data subject’s” (the individual’s) rights.
• Securely kept.
• Not transferred to any other country without adequate protection in situ.

Organisations which persistently breach the Data Protection Act, and which have been served with an enforcement notice, could incur a fine of up to £5,000 in the magistrates’ court or an unlimited fine in the Crown court.  

Dealing with unsolicited email and letters

Unfortunately, there is little that can be done about spam emails (apart from using a good spam filter) as most of these come from overseas.

To stop junk mail flooding your letter box, register your name and address with the Mailing Preference Service (see www.mpsonline.org.uk). This is a free service, and can usually stop about 95 per cent of junk mail. Mail addressed to ‘The Occupier’ will still get through.

If you are bothered by telesales calls, then you can register with the Telephone Preference Service or the Corporate Telephone Preference Service, which should stop the calls. You can also tell the caller directly that you do not wish to receive such calls.

The ICO runs a helpline on unsolicited marketing mail on 08456 306060. 

Your right to access public records

Individuals and organisations have the right to request information held by a public authority, under the Freedom of Information Act 2005. The public authority must say whether it holds the information, and must supply it within 20 working days. However, there are exemptions, for example, where the request is vexatious, similar to a previous request, or the cost of compliance is more than would be appropriate.

If the authority refuses, and you think this is unreasonable, you can ask the ICO to investigate.

Credit reference agencies and health records

You can write to any of the credit reference agencies and request a copy of your file. This costs around £2.

There are three main credit reference agencies in the UK—CallCredit, Equifax and Experian.

You have a right to see your health records (from a wide range of health professionals, including GPs, hospitals, dentists, chiropractors and clinical psychologists). You can do this by writing to the person concerned. It may cost you anything between £10 and £50.