Guidance & Legislation

Data Protection and Freedom of Information Guidance

The Data Protection Act 1998 gives individuals (data subjects) the right of access to information held about themselves. The Act regulates the use of personal information and places duties upon the council in terms of how we collect, process, store and disclose information about people.

More about the Data Protection Act 1998

The Freedom of Information Act 2000 gives a right of access to a wide range of information held by public authorities and places obligations on public bodies to release information on request, providing it is not subject to an exemption.

More about the Freedom of Information Act 2000

Data Protection Dos and Don’ts

These data protection priorities were identified by the Barnet Corporate Governance team.

Do:

  • keep personal data safe – it’s everyone’s responsibility
  • think before you speak – a disclosure can be spoken as well as written
  • ensure you are authorised to take information off site – including hard copy/paper files
  • wherever possible use remote access instead of taking information off site
  • shred personal data before you dispose of it and use confidential waste sacks
  • ensure personal data is accurate and up to date
  • be aware of retention and disposal guidelines – data cannot be kept indefinitely
  • know who you are allowed to share information with (data sharing protocols)
  • be aware of all Barnet data protection and information governance policies and procedures
  • ask for advice if you’re not sure

Don’t:

  • ignore potential risks – report incidents or concerns to the Headteacher
  • email sensitive information unless you are sure it is encrypted
  • store remote access fobs with your laptop
  • leave your laptop unattended
  • leave your laptop in your car. If this is unavoidable, temporarily lock it out of sight in the boot
  • store or send personal data on removable media (USB pen drives, CDs)
  • assume you can disclose personal data to another member of staff
  • leave mark books, written information of a sensitive nature, faxes and print outs lying around – even accidental disclosures are a breach
  • use personal data for a different purpose without considering data protection
  • write any comment about any individual that is unfair or untrue which you would be unable to defend if challenged.
  • You should assume that anything you write about a person will be seen by that person.