Data Protection Statement
This is a statement outlining how the Financial Services Compensation Scheme Limited ("FSCS") meets its obligations under the Data Protection Act 1998 ("the Act").
The statement is subject to regular review to reflect, for example, changes to legislation or to the structure or policies of FSCS. The statement is made available to all staff who are expected to apply it.
FSCS needs to collect and use certain types of information about people with whom it deals in order to operate.
These include: current and previously authorised persons; live, insolvent and departed firms including all forms of authorised firms; current, past and prospective claimants; FSCS' own employees; suppliers and others with whom FSCS conducts business.
In addition to carrying out our own statutory functions, FSCS may occasionally be required to collect and use certain types of information of this kind to comply with the requirements of other government departments or legislation.
FSCS regards the lawful and correct used of personal information as important to the achievement of our objectives, to the success of our operations and to maintaining confidence between those with whom we deal and ourselves. We therefore aim to ensure that our organisation treats personal information lawfully and correctly.
To this end, we fully endorse and adhere to the principles of data protection, as set out in the Data Protection Act 1998 ("the Act").
The eight principles under that Act require that personal information:
1. must be processed fairly and lawfully and, in particular, must not be processed unless specific conditions are met;
2. must be obtained only for one or more specified lawful purposes, and must not be further processed in any manner incompatible with that purpose or those purposes;
3. must be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
4. must be accurate and, where necessary, kept up-to-date;
5. must not be kept for longer than is necessary for the specified purpose(s);
6. must be processed in accordance with the rights of data subjects under the Act;
7. should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
8. must not be transferred to a country or territory outside the European Economic Area ("EEA") unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
In light of these obligations, FSCS, through appropriate management and controls, will:
- observe the conditions regarding the fair collection and use of personal information;
- meet our legal obligations to specify the purpose(s) for which the personal information is to be used;
- collect and process personal information only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements;
- ensure the quality of the personal information used;
- ensure that personal information is held for no longer than necessary;
- ensure that the rights of people about whom the information is held can be exercised under the Act e.g. the right to access one's personal information, to prevent processing in certain circumstances and to correct, rectify, block or erase information where it is wrong etc.
- take appropriate technical and organisational measures to safeguard personal information;
- ensure that personal information is not transferred outside the EEA without appropriate safeguards being in place.
In order to achieve compliance with the Act and its principles, FSCS has:
- created and implemented various internal policies and procedures, available to all staff, outlining individual and organisational data protection responsibilities and providing detailed guidance on FSCS internal data protection procedures.