The Data Protection Act 1998 lays down rules about how personal information is handled by the Council. It also gives individuals rights of access to information held about them by the Council.
Data Protection can be a complex and technical area. In general, being open about how we use information, using common sense and following the Data Protection principles should ensure that personal information is handled properly. Council staff should:
- Tell people clearly what Council functions the information is needed for and take special care with sensitive information. Be open and fair with information.
- Ensure that information is used and disclosed only for the Council functions for which it was collected.
- Keep only relevant information which is adequate but not excessive for the purpose of which it is held.
- Hold information only as long as is necessary for the purpose.
- Take appropriate security measures to prevent unauthorised or unlawful processing, disclosure, destruction, loss or alteration of information. Get written confirmation of data protection, compliance from suppliers and providers of service.
The Moray Council’s Privacy Notice sets out how the Council will use and protect information about individuals.
- A guide for the public (PDF): Your rights over personal information held about you by the Council
- A five minute guide for frontline staff (PDF)
- A guide for managers (PDF)
- General advice for elected Members (PDF)
- The Moray Council Privacy Notice (PDF)
Information Commissioner website contains detailed guidance.
Anyone who is not happy with the way the Council has handled their personal information can contact the Information Commissioner .