Policy Details

Data Protection

Dated: 28 Nov 2012


POLICY TITLE: Data Protection

AUTHOR: Manager of Information Management Unit

CONTACT DETAILS: Data Protection and Disclosure Advisor - 101, Ext. 49441



AIM OF POLICY: Northumbria Police recognises the sensitive nature of much of the personal data it processes and its duty in respect of data held by the Force and will protect individuals from the use of erroneous information, or the misuse of correct information.

BENEFIT OF POLICY: Northumbria Police will be able to demonstrate that it complies fully with relevant legislation concerning the storage, retention and disposal of personal information, thereby avoiding criminal prosecutions and/or disciplinary action resulting from instances of unauthorised access to sensitive police or government information.

REASON FOR POLICY: This policy has been drafted in accordance with the Human Rights Act 1998 and reflects the requirements of the Data Protection Act 1998 and the responsibilities laid out in the National Police Chiefs Council (NPCC), formerly Association of Chief Police Officers (ACPO), 2009 Manual of Guidance on Data Protection.

Northumbria Police will comply with the eight Data Protection Act principles summarised below when processing personal data:

1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;

2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;

3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;

4. Shall be accurate and, where necessary, kept up to date;

5. Shall not be kept for longer than is necessary for that purpose or those purposes;

6. Shall be processed in accordance with the rights of the data subject under the Act;

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;

8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Northumbria Police are registered with the Information Commissioner for the purposes of the prevention and detection of crime, apprehension and prosecution of offenders, maintenance of law and order, protection of life and property, vetting and licensing, public safety and rendering assistance to members of the public in accordance with Force policy. (Northumbria Police’s Registration Certificate - is accessed via the Information Commissioner's Office website).

In addition to the ‘policing’ purposes outlined above, Northumbria Police is also registered for the support purposes of (1) staff administration (which covers appointments or removals, pay, discipline, superannuation, work management or other personnel matters in relation to staff) and (2) administration and ancillary support for policing purposes (which includes records of computer transactions/computer message logs, telephone message logs, police property management logs etc.).

Northumbria Police collects and uses certain types of information about the people with whom it deals in order to perform effectively as a police force. This includes current, past and prospective members of staff, offenders, victims, witnesses, suppliers, clients/customers and others with whom it communicates. This personal data will be dealt with properly when it is collected, recorded, used and destroyed, whether by manual or electronic means. Northumbria Police regards the lawful and correct treatment of personal data as essential to the successful operation of the Force, and the achievement of Force aims and objectives and to maintaining the confidence of members of the public. Numerous information systems exist within the organisation and the integrity and value of this information is paramount. If any breach of the Data Protection Act 1998 does take place then this will be dealt with in accordance with this policy and other associated policies and legislation.


The 1998 Act grants greater powers than previous legislation to the Information Commissioner and provides more extensive rights for the individual. An individual has the right to claim compensation for damage or distress suffered as a result of non-compliance, be it inappropriate processing or poor data quality. If an individual complains to the Information Commissioner’s Office then the Information Commissioner is obliged to investigate to establish if a breach of the Data Protection Act 1998 has occurred.


The Information Commissioner can serve a Data Controller with an 'information notice' requiring the Data Controller to provide certain information within set time limits. Failure to comply with such a notice, or providing deliberately false information, is a criminal offence. (The Chief Constable is the Data Controller for Northumbria Police. Management of the statutory obligations is delegated to the Force Data Protection and Disclosure Advisor)

If the Commissioner concludes that there has been a breach of the Act, they may then serve a Data Controller with an 'enforcement notice'. This could force a Data Controller to cease processing personal data, or cease processing data in a particular way. Failure to comply with an enforcement notice is a criminal offence.

SOURCE DOCUMENT: Data Protection Act 1998; Computer Misuse Act 1990; Official Secrets Act 1989

GROUPS AFFECTED: Every member of Northumbria Police; both officers and staff, whether employed, contracted or a volunteer including those external to Northumbria Police who have access to Northumbria Police information/systems and the communities of Northumbria Police.