From the Information Commissioner’s Office:
Councillors who handle personal data must check if they need to register as a data controller or risk a fine of up to £5,000, the Information Commissioner’s Office (ICO) said today.
The ICO is writing to councillors across the country to urge them to check if they are fulfilling their legal requirements under the Data Protection Act. Over 6,000 councillors are currently registered with the ICO, but a further 13,000 are potentially not fulfilling their obligations.
While not all councillors will need to notify with the ICO, failure to do so when required is a criminal offence and, if convicted, defendants can face a fine of up to £5,000 in the Magistrates Court or an unlimited fine in the Crown Court.
In determining whether they need to notify, councillors need to consider the role in which they are processing personal information. If doing so as a member of the council or as a representative of a major political party, councillors will not normally be required to notify with the ICO. However, when carrying out their role as a representative of the residents in a ward or an independent councillor who is not affiliated to any political arty a councillor may need to notify.
Simon Entwisle, Director of Operations at the ICO, said:
“Most councillors have regular access to the personal information of the residents they represent. Like all organisations who handle people’s 1 information, it is of paramount importance that they take their responsibilities under the Data Protection Act seriously.
“We will be writing to councillors with advice on whether they need to notify with the ICO. Those who fail to notify with us when required may face enforcement action.”