Newsome Vaughan Solicitors LLP – Privacy Policy

Data Protection

The Firm is required to comply in a number of ways with the Data Protection Act 1998 ("the Act"). The first of these is registration under the Act. It is the responsibility of the Firm's Chief Executive Paul Saunders to ensure that:

  • the Firm is registered for all necessary activities under the Act;
  • there is a process of continual review to determine whether any changes in the Firm's registration are required as a result of changes in the nature of the business;
  • the details of the Firm as registered are kept up to date.

Data protection principles

The second aspect of compliance is the observance of the principles which underlie the Act, namely that all data which is covered by the Act (which includes not only computer data but also personal data held within a filing system) is:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate;
  • not kept longer than necessary;
  • processed in accordance with the data subject's rights;
  • secure;
  • not transferred to countries without adequate protection.

Codes of practice

A further layer of compliance is the set of codes of practice provided under the Act, which the Firm will observe. These may be altered or added to by the Information Commissioner, who is responsible for the administration of the Act. At present, the applicable codes cover:

  • various aspects of employment practice, including
    • recruitment and selection
    • records management
    • monitoring at work
    • medical information

Subject access requests

Any individual whose data is held by the Firm may make what is called a "subject access request", i.e. a request to see what data is actually held about them. All such requests should be addressed in writing to the Chief Executive, who will arrange for the Firm to comply promptly with the request.

Security of data

The security of data is one of the aspects the Firm is keen to observe. This may mean electronic or physical security, or, as with a laptop computer, both. All personnel must comply with such policies as are from time to time notified to them in respect of the Firm's computer system, and in particular must observe secrecy in respect of any password or user name. Access to any part of the Firm's network must not be given to any unauthorised person.