The Data Protection Act
The Parades Commission for Northern Ireland (the Commission), in order to carry on its work, needs to collect and use certain types of information about Individuals or Service Users who come into contact with the Commission. This personal information must be collected and dealt with appropriately and lawfully whether it is collected on paper, stored in a computer database, or recorded on other material or media. This handling of information is subject to safeguards set out under the Data Protection Act 1998 (and other regulations). The Act imposes restrictions on how the Commission may use that information.
You will be made aware, in most circumstances, as to how and with whom your information will be shared by the Commission. There are circumstances where the law allows the Commission to disclose data (including sensitive data) without the data subject’s consent.
a) Carrying out a legal duty or as authorised by the Secretary of State;
b) Protecting vital interests of an Individual/Service User or other person;
c) The Individual/Service User has already made the information public;
d) Conducting any legal proceedings, obtaining legal advice or defending any legal rights;
e) Monitoring for equal opportunities purposes – i.e. race, disability or religion;
f) Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.
The Commission will ensure that data is collected within the boundaries defined within its Data Protection policy. This applies to data that is collected in person, or by completing a form.
When collecting data, the Commission will ensure that the Individual/Service User:
a) Clearly understands why the information is needed;
b) Understands what it will be used for and what the consequences are should the Individual/Service User decide not to give consent to processing;
c) As far as reasonably possible, grants explicit consent, either written or verbal, for data to be processed;
d) Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress;
e) Has received sufficient information on why their data is needed and how it will be used.