Warning: Use of undefined constant includes - assumed 'includes' (this will throw an Error in a future version of PHP) in /homepages/14/d377707900/htdocs/tvpe.com/wp-content/themes/targetpro/functions.php on line 322
Data Protection Act - The Virtual Privacy Expert
Call On: 0845 5442755

Data Protection Act

What do you mean I can’t take pictures of baby Jesus?

What do I mean by this?

If, like me you have children, they and their schools will be gearing up for their Christmas production.  What we have witnessed over the last few years is many schools quoting data protection as the reason for not letting parents take pictures at these events – this is WRONG!

blogphoto3Pictures taken for personal use are exempt from the Data Protection Act, in other words the law does not apply as long as they are for your own personal use.  If a school is using this as the basis for not allowing parents to take pictures, they are relying on the wrong law and will need to review their policy in this regard.


Quite often we see the schools themselves taking pictures or have outside companies capturing the event on video.  If they are stating Data Protection as the reason, again they are wrong!  Now it maybe they have put a ‘belt and braces’ approach in place under the safeguarding children rules, however there is opportunity to be flexible in this regard.

I for one feel cheated at not being able to take pictures and have had many a ‘discussion’ with the teachers regarding this very issue!

I understand the need for child protection, and would strongly recommend having processes and policies in place line with safeguarding children.  To be clear, there is no direct threat to a child by another parent having taken a photo of their own child and that other child being in the photo.

There are a number of statutory guidance and provisions relating to child safeguarding that are available and applicable to institutions like schools. which the schools would be expected to take into account. These include, but are not limited to:

  • The Education Act (2002) Section 175
  • The Children Act 2004
  • Working Together to Safeguard children 2006
  • The Children Act 1989
  • Section 115(4) of the Police Act 1997
  • Every Child Matters
  • The Sexual Offences Act
  • Working Together to Safeguard Children (2010)

As mentioned above and in line with safeguarding rules, it would be advisable for the school to have an appropriate ‘photography policy’ and to consider giving the parents a set of ‘conditions’ they have to abide by, should they wish to take photos.  This may include making parents aware that photograph are being allowed at events, provisions for those parents who do not wish to have their child included in any photographs to be removed and perhaps have a photo opportunity at the end of the event, that any photographs taken are only for personal use and that should they be shared that nothing more than the first name of any other child in the photo be disclosed.

Although, they will need to understand that actually they will have no control over the actions the parents may take with the pictures.  Should any action be taken that means it is no longer classed as ‘personal use’ its the person who took the pictures who is responsible for compliance with the Data Protection Act and NOT the school.  The Act includes provisions for prosecution should a person act outside of the law in this regard.

Is the threat to children any greater than it was 10 years ago – NO!  The world has gone mad and protection crazy.

Safeguarding children is primarily about reducing the risk to children and at the same time promoting their welfare.  Compliance with regards to taking photographs of children is just one small element of this.  It usually means that there just needs to be a clear policy and guidance – awareness is the key!  By informing parents of what the school expects everyone is happy – it’s a win win!

If you are a school and need further help or advice in setting a policy and guidance for parents, or if you are a parent looking to clarify these issues, then feel free to contact me and lets help more people preserve their memories and stay on the right side of the right laws!

Yours in best practice!



Transfer of Personal Data – How to avoid Penalties & unwanted Publicity…


…which both ultimately lead to loss of reputation!

Principle 8 of the Data Protection Act 1998 “Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.”

This is the UK law that applies to whether a transfer of personal data, information that can identify an individual, can legally take place.

Personal data can only be transferred within the EEA, or to a country subject to a ‘finding of adequacy’ or if they have signed up to the Safe Harbor Scheme (more on that later).  Otherwise, you will need to assess whether the transfer will provide an adequate level of protection “for the rights and freedoms of data subjects in relation to the processing of personal data”

For the most part the Data Protection Act does not stop this activity, it merely forces an appropriate decision making process.  These are some of the elements that you will need to consider, when making your decision:

  1. does the information being transferred fall under the definition of ‘personal data”as laid out within the law?
  2. has the data been collected and processed in accordance with the law?
  3. if the transfer is not within the EEA, or to a country subject to a ‘finding of adequacy’ or if they have signed up to the Safe Harbor Scheme, can an assessment be carried out for an adequate level of protection?
  4. if adequacy cannot be established, can other adequate safeguards be put in place?

This may seem a little daunting, but really, it serves as a protection for you, your business and the trust of your clients.  It dictates a best practice led approach to ensure that you remain within the law when dealing with information about people.

So, to avoid penaltiesprevent unwanted publicity and loss of reputation keep in mind what I have mentioned here and if you are in doubt or need help, check out my series of blogs over the next week, or contact me.

Yours in staying within the law!


STOP Hiding Behind the Law!

Too often I hear companies utter the words “I can’t do that because of data protection” or “data protection stops us from doing that

Here is a prime example of that:

I recently took a call from a high street bank, and after they had gone through all the security questions, which I always find odd as they are the ones who called me, but that’s a whole other post! After, the questions, I requested for my husband to deal with the matter – I was met with the dreaded words “that’s not possible because of data protection”.  After a stunned silence, on my part, I began to challenge the person, probably unfortunately for him!

To cut a long story short, it turned out it would be possible, ALTHOUGH it would mean that I would have to take more time out of my day to write a letter giving my husbands details that I would sign.  Why could I not do this over the phone? They had already checked my security details, so they knew that I was who they thought I was, and I could provide them with my husband’s details and any additional password etc that could be used – the risk was minimal! No! I had to follow a time consuming and not very customer friendly process for something THEY had contacted ME about in the first place!!

Seriously??!? More than a decade on I find it incredible that companies are still coming out with that line, for nothing more than an excuse for their poorly thought out processes, signed off by managers who have a lack of understanding of what complying with these laws mean.

This is what we deal with everyday, we help companies, large and small step through the perceived minefield of data privacy laws to make sure they can achieve what they need to make their business succeed and still work within the laws.

The bottom line is that there are many companies out there still SCARED of such laws as the Data Protection Act, whilst I believe there should be a healthy fear, this is NOT the purpose of the Act!  It should not STOP processes being user-friendly or being able to create efficiency.

So, what is the purpose of the Act?  The purpose is simple – it is to create balance.  Protecting the rights and privacies of individuals, whilst allowing companies and businesses to operate as they need to.  Get this balance right and you have cracked it!

Stop being afraid and do it right!  With the right help you can achieve it. TAKE ACTION, contact us here http://www.thevirtualprivacyexpert.com/contact-us/

Yours in getting it right!