Under the Data Protection Act (DPA) 1998, non-sensitive personal data (such as a living individual’s date of birth, postal address, telephone number, photo and video footage) must be processed in a way that complies with the eight data protection principles.
There are additional requirements if the data being processed is of a sensitive personal nature (i.e. data relating to the subject’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, sexual life, offences or proceedings for any offence committed or alleged to have been committed and the disposal of proceedings or sentence passed).
Sensitive personal data is very often the root cause of privacy issues, but do data controllers engaged in the investigation of suspicious and fraudulent insurance claims really understand what all of this means? …
If you are registered and logged in to the site, click on the link below to read the rest of the Mills & Reeve briefing. If not, please register or sign in with your details below.