The Act is based on eight legally enforceable principles that organisations and individuals must apply when they process your personal data. The Act states that all personal data must:
- Be processed fairly and lawfully;Only be obtained and processed for specified and lawful purposes;
- Be adequate, relevant for the purpose and not excessive;
- Be accurate and, where necessary, kept up to date;
- Not be kept longer than necessary;
- Be processed in accordance with the data subject’s rights;
- Be kept secure;
- Not be transferred to other countries without adequate protection for the rights and freedoms of the data subject.
What is Personal Data?
Personal data is any data which, on its own or referenced against other data held by the organisation, can be used to identify a living individual.
This includes all the obvious details the Northern Ireland Ambulance Service might hold about you like name, address, medical treatment etc. It might also include expressions of opinion about you and the Service’s intentions towards you eg staff records.
The Northern Ireland Ambulance Service collects and retains information on patients and callers, and in order to provide efficient emergency care we have to:
- Find out who and where you are – we will need your name, address and date of birth.
- Identify and establish what your symptoms are and collect other relevant medical information which will help us to treat you effectively and get you to hoital safely and in a timely manner.
This information when collected is then written up on the patient report form (PRF) which goes with you to hospital.
The Act recognises that some types of personal data are more sensitive than others. There are extra rules for processing data about your ethnic origin, religious beliefs, trade union membership, party political opinions, sexuality, health, involvement in court proceedings etc.
What does processing personal data mean?
Processing personal data includes collecting, storing, accessing, changing and destroying any information about you. The amount of personal data we have about you and how we process it depends on how you were involved with the services that Northern Ireland Ambulance Service operate.
Occasionally we take photographs of people using our services, for promotional leaflets or other publicity purposes. If you can be identified from this type of photograph we will explain why we want it and ask for your consent beforehand.
We may use the information you give us when you use our Service for research or statistical purposes and to help us plan for the future, but we will not include any personal data in our reports and plans.
Who processes my personal data?
Employees of the Northern Ireland Ambulance Service can access and process your personal data for their official duties, but only the data needed for a specific purpose. They must not disclose your personal data to anyone else without your knowledge, unless they are legally obliged to do so.
In order to provide immediate care and treatment, some or all of these people will need/access your details:
- The Ambulance Control Officer and the Ambulance Crew who attend you;
- If you are in a road traffic collision or similar incident, the Northern Ireland Fire and Rescue Service or PSNI may need the details to assist you
- Acopy of your PRF and possibly verbal details will be given to the accident and emergency staff when you arrive at hospital
If you make a complaint about our service to you or complain directly to a third party organisation, your personal data may be shared with other statutory bodies concerned eg hospitals, Police Ombudsman, PSNI. Administration and Support Staff process complaints, claims or respond to requests for personal information.
Can I see my personal data?
The Data Protection Act gives you a general right of access to personal data that relates to you. Access requests must be made in writing; with enough information to locate the data requested and proof that you are the data subject.
You can request access to your personal data using our subject access form. This form is designed to help you give us the information we need to find your personal data. You may have to pay a fee of up to £10 but we will confirm that when we receive your data subject access request.
We have 40 days from receiving the access application to get back to the applicant and tell them whether we are holding information about them. If we are, we must:
- Give a description of the personal data;
- Why the data is held;
- Who else the data might have been given to;
- A copy of the data;
- An explanation of any technical terms or abbreviations;
- Any information about the original source of the data.
We can withhold some data if it refers to other people who have not consented to disclosure, if disclosure might cause serious harm to you or anyone else or might prejudice crime prevention or court proceedings. Even if we cannot provide you with copies of the data, we will confirm what type of data we hold and why we hold it.
Can I see personal data about other people?
You only have the right to access your own personal data. You do not have the right to access personal data about other members of your family, your friends or your neighbours’ unless;
- You have written proof of your authority to act on behalf of someone else;
- Parents may request information about a child under 16, but there is no automatic right to the data;
- A solicitor may request information on behalf of a client.
Even if you meet these requirements we may need to ask you for more information before we reply or refuse access because of our duty to keep personal data confidential.
Obtaining personal data from Northern Ireland Ambulance Service employees for an unauthorised purpose or unauthorised disclosure to a third party are offences under the Act.
How secure is your personal information?