Data protection and privacy
The council is committed to protecting your privacy and will treat your personal data in accordance with the requirements of the Data Protection Act 1998. This page provides details of how to request access to the information that we hold about you.
The Data Protection Act 1998 (DPA) protects the privacy of individuals and places obligations on organisations that process personal data. Personal data is any information about a living individual that can identify them. The council needs to process and store personal data in order to provide its services effectively. Our Data Protection Policy explains the way that our councillors, employees and anyone else working with the council must handle personal information. To view our Data Protection Policy use the following link:
How to make a request for your personal data
In general, the DPA gives individuals a right to access the personal data an organisation is processing about them, unless an exemption applies. This is called a Subject Access Request and you can make a request to us to access your personal data and information. We charge a fee of £10 for Subject Access Requests.
To make a Subject Access Request for personal information under the DPA, you must make a written request. This can be done by any of the following methods:
Post: You can donwload a copy of our Subject Access Request Form for completion and return by post, by using the link below.
Email to: firstname.lastname@example.org
Write to: Data Protection Officer, Epping Forest District Council, High Street, Epping, Essex CM16 4BZ
Online: complete the Data Protection Contact Form
Written Subject Access Requests submitted by email, letter or the Data Protection Contact Form must include your name and contact address, and should describe the information you want. In responding to your request, we will ask you for evidence of your identity and the relevant fee. We may also ask you to provide some details of the information you require, to help us understand what information you are seeking and where the data may be held.
We will reply to your request within forty calendar days of receiving evidence of your identity and the Subject Access Request fee. We will give you access to all the information you have asked for unless:
- an exemption applies to some or all of it (see below), or
- there is information about someone else included with your own information and it is necessary to withhold some or all of it
We will not:
- ask you why you want the information or what it will be used for
- ask you to keep what we have told you confidential, or
- refuse any request unless an exemption applies
Providing information to you might affect the rights of other people. For instance it might include personal data about other people. If so, we may contact them to help us decide whether the information should not be disclosed. We will normally provide a copy of the information you require, but in some circumstances, if there is a large volume of information, we may invite you to view the information at the Civic Offices.
We may withhold disclosure of information we hold about you where the law allows. The main reason for exemption will be where the disclosure of information would prejudice the prevention or detection of a crime or the apprehension or prosecution of offenders.
Section 29 of the Data Protection Act 1998 allows the council to share personal data with the police and other investigative agencies without the consent of the data subject, where information is required:
- for the prevention or detection of crime; or
- for the apprehension or prosecution of offenders; or
- for the assessment or collection of tax or duty.
The disclosure of personal information to the police or other agencies is not compulsory, and will only be made where one or more of these circumstances apply and non-disclosure would prejudice an investigation into one of the above, or where the council is served with a Court Order requiring the disclosure of the information.
A copy of our Data Sharing Form for information about another person, for completion and return by post, can be downloaded using the link below.
National Fraud Initiative (NFI) - Data matching exercise
This authority is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Audit Commission appoints the auditor to audit the accounts of this authority. It is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explananation until an investigation is carried out.
The Audit Commission currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data for matching to the Audit Commission for each exercise, and these are set out in the Audit Commission's NFI guidance on their website.
The use of data by the Audit Commission is a data matching exercise and is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by the Audit Commission is subject to a Code of Practice which can be downloaded from their website.
For further information on the Audit Commission's legal powers and the reasons why it matches particular information, see the Audit Commission's Fair Processing page. For further information on data matching at this authority contact Chief Internal Auditor, Brian Bassington on 01992 564446
For further infomation on our approach to your data, please see the rest of our Data protection and privacy page.
Requests for all other types of data, which is not personal information, is dealt with under the provisions of the Freedom of Information Act 2000. For further information please visit our Freedom of Information page.
If you are not happy with how we handle your request for personal information, you can make a complaint through our Compliments and complaints scheme.
If you are still not satisfied, you can contact the Information Commissioner. The Information Commissioner is an independent official appointed to oversee the Data protection Act 1998. Further information can be found on the Information Commissioner's Office website.
The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House, Water Lane,
telephone: 0303 123 1113