The Data Protection Act 1998 defines personal data as;
“Data which relate to a living individual who can be identified—
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”
Sensitive Personal Data
The Data Protection Act 1998 makes special reference to information defined as “sensitive personal data” which refers specifically to information such as;
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
(d) whether he is a member of a trade union
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
All personal data, especially sensitive personal data should be handled with the utmost care. The Data Protection Act 1998 places specific obligations on organisations who wish to process sensitive personal data.
If you are unclear of whether information you are processing is personal or sensitive personal data, please email the Information Governance team or telephone 01392 383000 – ask for Information Governance