Data Protection Policy
The obligations on "processors" and "controllers" of "personal data" and information is predominantly set out in the Data Protection Act, 1988 (the "1988 Act") which was amended by the Data Protection (Amendment) Act, 2003 (the "2003 Act" but hereinafter referred to as the "Acts").
If the data controller is likely to come into possession of information that could identify a living person, whether directly (i.e. data with specific identifying information on it) OR indirectly (i.e. through separate identifying information which the data controller may be in the possession of) . "Personal data" is defined under the Acts as data relating to an existing individual person. Therefore, personal data does not include business names and addresses but it would include a business email address which relates to a living individual.
City Investigations is fully committed to ensuring compliance with the Data Protection Act 1998. City Investigations will therefore follow procedures which aim to ensure that all employees, elected members, contractors, agents, consultants, partners or other servants of the agency who have access to any personal data held by or on behalf of the client, are fully aware of and abide by their duties under the Data Protection Act 1998 - 2003.
Clients must be aware that the Data Protection Acts 1998-2003 only applies where the information held can identify the person; once identifying information has been removed information is no longer held under the Data Protection Acts 1998-2003
In order to operate proficiently and within legislative frameworks, City Investigations has to collect and use information about people with whom it works. These may include members of the public, current subjects under investigation, past and prospective employees, clients and customers, and suppliers. In addition it may be required by law to collect and use information in order to comply with the demands of legislative requirements. i.e. Revenue commissioners and employment legislation, Health and Safety Acts etc.
City Investigations regards the lawful and correct treatment of personal information as vital to the success of the agency and ensures confidence between the agency and all persons and bodies it deals with in the course of business. City Investigations prides itself on its adherence to the legal frameworks and ensures that personal information is lawfully gathered and correctly stored.
To this end we fully endorse and adhere to the Principles of Data Protection, as published in the Data Protection Act 1998-2003.
Specifically, the Principles require that personal information:
- Will be processed impartially and lawfully and the information will not be processed unless specific strict conditions are met.
- Will be acquired only for one or more specified and lawful purposes. Clients note: City Investigations will under no circumstances breach the conditions of the Data Protect Acts 1998-2003. If your purposes are not lawful and City Investigations comes into possession of information to prove this then City Investigations reserves the right to report directly to the Data Protection agency, and information will not be further processed in any manner incompatible with that purpose or those purposes of the data protection acts.
- Will be sufficient, relevant and not unnecessary in relation to the purpose or purposes for which they are processed.
- Will be precise and, where required, kept up to date.
- Will not be kept for longer than is necessary for that purpose or those purposes.
- Will be handled in accordance with the rights of data subjects under the Act.
- Will not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data, and
- Suitable technical and organisational procedures will be taken against illegal or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Therefore, City Investigations will, through suitable management, strict application of criteria and controls:
- Observe fully any/all conditions regarding the fair collection and use of information.
- Ensure that all legal obligations are adhered to specifically for the purposes for which information is used.
- Collect and process appropriate information, and only to the extent that it is needed to ensure the smooth running of the business and to comply with any legislative requirements.
- Ensure the quality of information used.
- Apply strict checks to adhere to the data protections act in regard to the length of time information is held.
- Ensure that the rights of people about whom information is held, are able to be fully implemented under the data Protection Act 1998-2003. (These include: the right to be kept up-to-date when processing is being undertaken, the right of access to personal information, the right to stop personal information being used, in certain circumstances, and the right to correct, rectify, block or erase information which is regarded as incorrect).
- Guarantee that appropriate technical and organisational procedures are implemented and updated consistently to safeguard personal information.
- Guarantee that personal information is not transmitted abroad without implementation of suitable security procedures.
Section 7 of the Data Protection Acts deals with the duty of care owed by data controllers and data processors and provides:
"For the purposes of the law of torts and to the extent that that law does not so provide, a person, being a data controller or a data processor, shall, so far as regards the collection by him of personal data or information intended for inclusion in such data or his dealing with such data, owe a duty of care to the data subject concerned." Section 7 of the Data Protection Acts 1988 - 2003 provides that individuals whose data rights have been breached can seek redress through the court. Therefore you can be assured of the highest data protection standards applied to your information, case notes and correspondence.
In addition, City Investigations will ensure that:
- There is a controller or processor with precise responsibility for data protection in the agency (currently, the designated person is our Office Manager).
- Each person managing and handling personal information understands that they are contractually accountable for ensuring compliance with good data protection practice.
- Each person managing and handling personal information is correctly trained to do so.
- Each person managing and handling personal information is correctly supervised.
- Each person who may require personal information training in handling personal information knows what steps to follow.
- Questions about handling personal information are promptly and politely dealt with.
- Procedures for the handling of personal information are clearly defined.
- A regular review and audit is made of the way personal information is managed.
- Procedures for the handling of personal information are regularly considered and assessed.
- Performance of every person handling personal information is regularly considered and assessed.
Any breach of the data protection policy, either deliberate or through negligence, may lead to disciplinary action being taken and could in some cases result in a criminal prosecution.