22/4/04; revised 23/11/2010
1. Purpose and scope
The Data Protection Act 1998 came into force on 1 March 2000. It is concerned with the rights of individuals to gain access to personal information held about them by an organisation or individual within it, and the right to challenge the accuracy of data held. The terms of the Act relate to data held in any form, including written notes and records, not just to electronic data.
The 8 data protection principles
The Act requires that all staff and others who process or use any personal information must ensure that they adhere to the 8 data protection principles. In summary these require that personal data, including sensitive data, shall:
I. be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met;
II. be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
III. be adequate, relevant and not excessive for those purposes;
IV. be accurate and kept up-
V. not be kept for longer than is necessary (N.B. retention of data for historical or statistical research is allowed under Section 33 of the Act);
VI. be processed in accordance with the data subject’s rights;
VII be kept safe from unauthorised access, accidental loss or destruction;
VIII not be transferred to a country outside the European Economic Area (the EU member states, plus Norway, Iceland and Liechtenstein), unless that country has equivalent levels of protection for personal data.
The Act is meant to be permissive rather than restrictive, which means that provided the above principles are adhered to (e.g., you have permission from the data subjects to process their data and are doing it for a registered purpose) then you can process the data and disclose them to an allowable body.
Definition of 'data'
In the terms of the Act, data are information relating to an individual where the structure of the data allows information about the individual to be readily accessed. The information may be held in manual form (e.g., as written notes relating to a person or as part of a filing system, including card index or filing cabinets structured by name, address or other identifier) or in a form capable of being processed electronically. Personal data are any data relating to a living individual (e.g., name, address, payroll details, test results). Sensitive data form a subset of personal data that relate to a living person, recording such things as racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, criminal convictions, etc. Data are processed whenever compiled, stored or otherwise operated upon.
Disclosing personal data
Personal data should not generally be disclosed to third parties without the permission of the individual concerned. In this context, "third parties" includes family members, friends, local authorities, government bodies and the police, unless disclosure is exempted by the 1998 Act or by other legislation. Under certain circumstances, data may however be released. Note that among other circumstances the Act permits release of data without express consent:
for the purpose of protecting the vital interests of the individual (e.g., release of medical data where failure to do so could result in harm to, or the death of, the individual)
for the prevention or detection of crime
for the apprehension or prosecution of offenders
for the discharge of regulatory functions, including securing the health, safety and welfare of persons at work
where the disclosure is required by legislation, by any rule of law, or by the order of a court.
Despite the data recorded about animal treatments appearing to fall outside the definition of personal data, we will work to a level of confidentiality as though it was the same, and will be covered by our Confidentiality Policy.
Records of complaints or other personal/sensitive information will be treated by the Data Protection Act.
Computerised records of names, addresses, phone & email, animals & their names, vet and how the owners came to find us will be kept for marketing purposes – understanding our business and sending out our Newsletter, etc. No computerised records will be kept of any pet's health, nor of owner's circumstances.
No third parties will have routine access to computerised or hand-
We will not pass on or sell these records to anyone without permission.
Anyone can check on the information held, either on computer, or on paper, or both,
by applying to Dr Vav Simon, Natural Therapy Centre for Animals Ltd, Aldermoor Farm,
Upton Road, Ryde, Isle of Wight PO33 3LA, by calling 01983 566009 and asking for
Vav Simon, or by email at vav@ntc-