Data Protection Act
Sandwell Metropolitan Borough Council needs to collate and use personal information of individuals in order to provide services to service users. The Data Protection Act 1998 (DPA) places a statutory responsibility on Sandwell Metropolitan Borough Council as a Data Controller to protect the personal data it holds. The DPA consists of seven principles which Sandwell Council must follow.
For further information regarding all eight principles visit the Information Commissioner's Office website
Your rights under the Data Protection Act 1998
The DPA gives you rights in respect of personal information you provide:
- To ask us if we hold personal information about you and to be provided with that information
- To request that inaccurate personal information about you be corrected
- To cease using your personal information for direct marketing purposes
- To request that we stop using personal information about you where it is causing unnecessary damage or distress
For further information regarding your rights under the DPA visit the Information Commissioner's Office website
A central feature of the DPA is called 'fair processing'. This means that where you provide personal information to the Council, we will let you know why we are collecting the information. If you complete a form and provide personal information and it is not made clear why you are supplying us with that information then you have a right to be informed of the reasons. If you feel that you have been asked to provide personal information to a department of the Council and you were not informed as to why then please contact the Data Protection/Freedom of Information Unit on the contact details below.
For information regarding fair processing in schools and academies, please visit the Schools and Academies Fair Processing page.
How to request a copy of the personal data held about you
You can request copies of the personal information the council holds about you. This request is called a Subject Access Request or SAR.
To submit a Subject Access Request you can:
Information Management Unit
Oldbury Council House
When submitting your request you must include:
- Your full name
- Your current address
- A detailed explanation of the information you are requesting, if you can include dates and the names of any departments or employees you have had contact with it will help us locate the information you require.
What the council can ask you to provide before dealing with your request
Before dealing with your request, the council may ask for:
- Further information to assist the location of your information
- Proof of identity
- £10 fee
If the Council requires any of these an Officer will contact you promptly. The Council has 40 calendar days to respond to your request. The 40 days will begin once the Council receives your request, and any of the above if requested.
How we process your request
Once the Council receives your request you will receive an acknowledgement letter confirming which area of the Council is dealing with your request, and a date by which you should receive your response by.
Responding Officers will deal with your request in line with the Council's Subject Access Request Procedures.
Responding Officers have 40 calendar days to respond to your request. If an Officer requires clarification regarding your request they will contact you as soon as possible and the clock will stop on your request until clarification has been received.
How you can enforce your rights
If you wish to enforce any of your rights under the DPA you can contact the council's Information Management Unit.
Information Management Unit
Oldbury Council House
Phone: 0121 569 3248
National Fraud Initiative Fair Processing Notice
The National Fraud Initiative (NFI) matches electronic data within and between public and private sector bodies to prevent and detect fraud. These bodies include police authorities, local probation boards, fire and rescue authorities as well as local councils and a number of private sector bodies.
The NFI helped trace almost £203 million in fraud, error and overpayment in England in the 2012/13 exercise, bringing the UK total since its launch in 1996 to £1.17 billion.
Public sector bodies are required to submit data to National Fraud Initiative on a regular basis.
This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Cabinet Office is responsible for carrying out data matching exercises.
Data matching involves comparing sets of data held by one body against other records held by the same or another body to see how far they match. This is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Cabinet Office currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Cabinet Office for matching for each exercise. For information describing which datasets are matched by the Cabinet Office please refer to this document which summarises the various match types.
The use of data by the Cabinet Office in a matching exercise is carried out using the data matching powers bestowed on the Minister for the Cabinet Office by Part 6 of the Local Audit and Accountability Act 2014 (LAAA). It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by the Cabinet Office is subject to a Code of Practice.
For further information on the Cabinet Office’s legal powers and the reasons why it matches particular information, please visit the Cabinet Office Fair Processing web page.
For further information on data matching contact the Counter Fraud Unit on 0121 569 2650 or email email@example.com.
If you are unhappy with the council's use of your personal information
If you are unhappy with the use of your personal information by a department of the council or the council as a whole, you can submit a complaint to the Data Protection/Freedom of Information Unit who will investigate your complaint.
Alternatively you can submit a complaint directly to the Information Commissioners Office. Details on how to submit a complaint to the ICO can be found on the ICO website, or you can send a letter to:
Customer Services Team
Information Commissioner's Office