 |
| |
|
10 March 2010 |
|
|
|
Data
Protection Act
|
For
the purposes of the Data Protection Act 1998 (‘the Act’),
the Commissioner is the data controller of all information capable of
identifying living individuals (‘personal data’) contained
in or relating to complaints processed by him – for example, the
names and other personal details of complainers, MSPs and third parties.
The Commissioner keeps all personal data securely for at least 5 years.
Such information is used by the Commissioner to assist him in doing his
job of investigating and dealing with complaints about MSPs. It is not
disclosed other than to help the Commissioner carry out his job or where
required by law or Parliamentary Standing Orders – the main example
being to produce his report for the Standards, Procedures and Public Appointments Committee. This report
is usually made public by the Standards, Procedures and Public Appointments Committee along with its own
report to Parliament.
The Commissioner also makes an annual report to Parliament, which may exceptionally
contain personal data. The Commissioner might also require to pass information
to the police and prosecuting authorities if a complaint potentially involves
the commission of a criminal offence by an MSP. Individuals can ask to
access personal data held about them by the Commissioner (‘subject
access’) in return for a fee of up to a maximum of £10. Because
the Commissioner performs a regulatory function, some of the processing
he carries out may be exempt from some of the provisions of the Act (e.g.
the subject access right) in some circumstances.
|
|
|
|
|
|
