This is a statement outlining how the Financial Services Compensation Scheme Limited ("FSCS") meets its obligations under the Data Protection Act 1998 ("the Act").
The statement is subject to regular review to reflect, for example, changes to legislation or to the structure or policies of FSCS. The statement is made available to all staff who are expected to apply it.
FSCS needs to collect and use certain types of information about people with whom it deals in order to operate.
These include: current and previously authorised persons; live, insolvent and departed firms including all forms of authorised firms; current, past and prospective claimants; FSCS' own employees; suppliers and others with whom FSCS conducts business.
In addition to carrying out our own statutory functions, FSCS may occasionally be required to collect and use certain types of information of this kind to comply with the requirements of other government departments or legislation.
FSCS regards the lawful and correct used of personal information as important to the achievement of our objectives, to the success of our operations and to maintaining confidence between those with whom we deal and ourselves. We therefore aim to ensure that our organisation treats personal information lawfully and correctly.
To this end, we fully endorse and adhere to the principles of data protection, as set out in the Data Protection Act 1998 ("the Act").
The eight principles under that Act require that personal information:
1. must be processed fairly and lawfully and, in particular, must not be processed unless specific conditions are met;
2. must be obtained only for one or more specified lawful purposes, and must not be further processed in any manner incompatible with that purpose or those purposes;
3. must be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
4. must be accurate and, where necessary, kept up-to-date;
5. must not be kept for longer than is necessary for the specified purpose(s);
6. must be processed in accordance with the rights of data subjects under the Act;
7. should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
8. must not be transferred to a country or territory outside the European Economic Area ("EEA") unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
In light of these obligations, FSCS, through appropriate management and controls, will:
In order to achieve compliance with the Act and its principles, FSCS has: