data protection act 1998

Website: Home Page About Us Healing Sessions The Energies Training Courses Training Manuals Information Centre Newsletters

____________________________________________________________________________________________________________________________________________

Legal Guidance – Data Protection Act 1998

This Guidance Notice seeks to give information to healers in England on the legislation connected with the holding and processing of information about people. This legislation will be relevant for some healers.

Please note that I am not a qualified legal practitioner and healers affected by this legislation should seek professional legal advice as appropriate.

Please read the introductory guidance on the legislative process in the United Kingdom and Crown Dependencies before reading this Notice. Click here to go to it.

The Data Protection Act 1998 is reproduced below in full under the terms of Crown Copyright Policy Guidance issued by HMSO (Her Majesty’s Stationery Office). Copyright is owned by the Crown and information on reproduction rights may be found on the HMSO website at http://www.opsi.gov.uk/advice/crown-copyright/copyright-guidance/reproduction-of-legislation.htm .

The Data Protection Act was amended by certain provisions within the Criminal Justice and Immigration Act 2008 which became law in May 2008. The Criminal Justice and Immigration Act was essentially a piece of legislation to tidy up and to update previous legislation in a number of areas and only a small part of the Act is relevant to Data Protection. The parts that are relevant to Data Protection are reproduced on a separate page on this website and should be read in conjunction with the reproduction on this page. Please click here to read the Data Protection extracts from the Criminal Justice and Immigration Act 2008.

Background

The Data Protection Act 1998 Chapter 29 came into effect on 1^st March 2000 and replaced the earlier Data Protection Act 1984.

Organisations and people working for themselves or in partnerships hold information about individual people as part of their day to day activity. The overall objective of the Data Protection legislation is to provide a legal framework within which information about people may be held securely when there is a reasonable need to do so but also to prevent the unreasonable dissemination of such information. In the electronic age where it is easy to hold a lot of information about people and to publish or to transmit it, there is a clear need for information about people to be managed in a responsible way.

The Data Protection legislation covers the holding and use of records held in any format (electronic or hard copy) which contain reference to individual people by which their identity can be recognised. The legislation covers all records whether factual, expressions of opinion about people or notes of intention to deal with people in a particular way.

In the context of people working as healers, situations where there is reasonable need to hold records about clients might include:

Records of conditions being treated and effect of successive treatments.
Records of medical treatment and other alternative therapy treatments being received by clients.
Records of visits and payments for accounting and tax calculation purposes.
The writing up of case studies when working towards certification in various energies.

There might also be reasonable need for healers who teach others to hold training records such as:

Who has been taught what and when.
Details of practical work undertaken by students.
Records of case study work undertaken by students.
Details of charges made for accounts and tax calculation purposes.

Some of these situations can fall within the scope of the Data Protection Act requirement to register as a holder and processor of information – a Data Controller. I would recommend, therefore, that healers take the time to read through the reproduction of the legislation below so that they can familiarise themselves with it and to ensure that they work in compliance with it where appropriate. It is an offence not to be registered as an information holder and processor if you should be registered. The current annual registration fee is £35. The people about whom healers hold information should have agreed to the information being held

I would recommend also that healers refer back to the legislation again when a regulatory environment is introduced for energy healers. This is likely to result in the need for a lot of detailed record keeping and all of this will have to be undertaken within the rules set out in the legislation.

The simple overview of the legislation is as follows.

Part 1 deals with terminology.

Schedule 1 of Part 1 gives the eight basic principles or rules around which the legislation has been constructed. These require that information about people is:

· fairly and lawfully processed in the context of common law and other legislation;

· processed for limited purposes;

· adequate, relevant and not excessive;

· accurate;

· not kept longer than necessary;

· processed in accordance with the framework in law;

· kept secure;

· not transferred abroad without adequate protection.

Schedules 2, 3 and 4 of Part 1 outline the situations in which it is lawful to process and to hold information relating to individuals.

Part 2 deals with the rights of individual about whom information is held to require the holder of the information to disclose to the individual what information is being held about him / her. It also deals with remedies in law if incorrect information is held about an individual.

Part 3 deals with actions that holders of information need to undertake to register with what was called the Office of the Data Protection Commissioner. The Freedom of Information Act 2000 led to the renaming of the Data Protection Commissioner as the Information Commissioner working from the Information Commissioner’s Office. The Information Commissioner is effectively the Regulator for Data Protection. Registration means that the Office knows who is holding and processing information and knows who is required to comply with the relevant legislation.

Part 4 deals with certain situations which are exempt from the general provisions of the legislation.

Part 5 deals with offences under the legislation and sets out the basis in law under which the Information Commissioner can enforce compliance with the legislation.

Part 6 deals with the relationship between the Information Commissioner and Parliament and with various other miscellaneous matters.

The website of the Information Commissioner’s office is at http://www.ico.gov.uk/ . The website gives guidance on data protection related issues. There is an online helpline service if you cannot find answers to your queries on the website at

http://www.ico.gov.uk/Global/online_enquiries.aspx.

Reproduction of the legislation

The legislation is reproduced below. Anything which is underlined in the Arrangement of Sections has a hyperlink to its place within the legislation.

Data Protection Act 1998 Chapter 29 ARRANGEMENT OF SECTIONS
PART I
PRELIMINARY
Section
1.	Basic interpretative provisions.
2.	Sensitive personal data.
3.	The special purposes.
4.	The data protection principles.
5.	Application of Act.
6.	The Commissioner and the Tribunal.
PART II
RIGHTS OF DATA SUBJECTS AND OTHERS
7.	Right of access to personal data.
8.	Provisions supplementary to section 7.
9.	Application of section 7 where data controller is credit reference agency.
10.	Right to prevent processing likely to cause damage or distress.
11.	Right to prevent processing for purposes of direct marketing.
12.	Rights in relation to automated decision-taking.
13.	Compensation for failure to comply with certain requirements.
14.	Rectification, blocking, erasure and destruction.
15.	Jurisdiction and procedure.
PART III
NOTIFICATION BY DATA CONTROLLERS
16.	Preliminary.
17.	Prohibition on processing without registration.
18.	Notification by data controllers.
19.	Register of notifications.
20.	Duty to notify changes.
21.	Offences.
22.	Preliminary assessment by Commissioner.
23.	Power to make provision for appointment of data protection supervisors.
24.	Duty of certain data controllers to make certain information available.
25.	Functions of Commissioner in relation to making of notification regulations.
26.	Fees regulations.
PART IV
EXEMPTIONS
27.	Preliminary.
28.	National security.
29.	Crime and taxation.
30.	Health, education and social work.
31.	Regulatory activity.
32.	Journalism, literature and art.
33.	Research, history and statistics.
34.	Information available to the public by or under enactment.
35.	Disclosures required by law or made in connection with legal proceedings etc.
36.	Domestic purposes.
37.	Miscellaneous exemptions.
38.	Powers to make further exemptions by order.
39.	Transitional relief.
PART V
ENFORCEMENT
40.	Enforcement notices.
41.	Cancellation of enforcement notice.
42.	Request for assessment.
43.	Information notices.
44.	Special information notices.
45.	Determination by Commissioner as to the special purposes.
46.	Restriction on enforcement in case of processing for the special purposes.
47.	Failure to comply with notice.
48.	Rights of appeal.
49.	Determination of appeals.
50.	Powers of entry and inspection.
PART VI
MISCELLANEOUS AND GENERAL
*Functions of Commissioner*
51.	General duties of Commissioner.
52.	Reports and codes of practice to be laid before Parliament.
53.	Assistance by Commissioner in cases involving processing for the special purposes.
54.	International co-operation.
*Unlawful obtaining etc. of personal data*
55.	Unlawful obtaining etc. of personal data.
*Records obtained under data subject's right of access*
56.	Prohibition of requirement as to production of certain records.
57.