The Data Protection Act 1998 provides the public with the right to ask for, and be provided with, a copy of information held about him/her by, or on behalf of, the Council.
This right extends to cover any information, whether it is held on a computer, is on paper, or forms part of any other media. This right is known as the Subject Access Right.
As of January 2010, the Information Commissioner has the power to issue fines of up to £500,000 where a breach of personal data has occurred. As such it is essential that the Council takes appropriate measures to ensure the identity of applicants prior to the disclosure of personal information.
The Council firmly believes that disclosing sensitive personal data without carrying out identity checks would not be considered to be taking appropriate technical measures against unauthorised or unlawful disclosure of personal information. If the Council failed to carry out such checks, which resulted in the disclosure of personal information to an unauthorised third party, we would be at serious risk of a fine.