Sensitive personal data relates to information regarding race or ethnic origin, political opinions, religious or other beliefs, trade union membership, criminal proceedings or convictions, physical or mental health and sexual orientation.
This kind of information is considered private and could potentially be used in a discriminatory manner. Sensitive data must be treated with greater care than normal personal data.
The rules for processing this type of data are also much more rigorous than for personal information. For example, you cannot use a database of identified ‘ethnic’ names to send out targeted marketing information. The conditions for processing, explained later in the course, must be closely followed.
Key Definitions
Data subject
The person that the data is about: any living person about whom information may be held, including both personal customers and employees, sole traders and partners from within a partnership.
Data controller
The person or people who determine the legitimate purpose for which the personal data will be used. The data controller is usually an organisation rather than an individual, such as a council or government department.
Data processor
The person or people who process the data on behalf of a data controller. For example, in an online marketing company, the people who send out the emails are the data processors. The company here is the data controller.
Third party
Any person, other than the data subject, data controller or data processor, involved in the disclosure of personal data. For example, a witness to a contract between two people.
Recipient
Anyone who personal data is disclosed to, including a data processor, a witness or other employees.
Processing
Any activity relating to data, from the initial collection through organising, altering, consulting, using, disclosing or combining through to the final destruction of the data. This includes just holding data, either electronically or manually.
Subject access
The right an individual has to obtain a copy of all personal information held about themselves. This will be covered in more detail later in the course.
Automatically or electronically stored recordsĀ
This covers any document or image held by a business, either collated manually or by automatic means, such as online feedback forms. It applies to:
Manual records in a relevant filing system
This applies to manually processed information that forms part of a structured set, such as file records or a filing system, that are not stored electronically and in a way that makes specific personal information readily accessible.
Manual records allow businesses to reference an individual or reference criteria relating to the individual.