Data Protection Policy: Definitions
This page explains terms which are commonly used in the Data Protection Policy.
Data controller
A person or organisation who makes decisions in regard to personal data, including decisions regarding the purposes for which and the manner in which personal data may be processed.
Data processor
An individual or organisation other than an employee of the data controller, who processes personal data on behalf of the data controller: e.g. a firm which collects and processes data on SOAS's behalf under contract. Data controllers are responsible for the processing which is carried out for them by data processors, and have to ensure that this processing takes place within appropriate security arrangements (see Security of data).
Data subject
A living individual who is the subject of personal data.
Direct marketing
The communication of advertising or marketing material directed to particular individuals.
Manual data
Personal data which are not being processed by equipment operating automatically, or recorded with the intention that they should be processed by such equipment: e.g. data held in paper form.
Personal data
Data relating to a living individual who can be identified from the data, or from the data and other information which is in the posession of (or likely to come into the posession of) the data controller. Personal data include information such as an individual's name, home and work addresses, educational background, images and photographs (including CCTV footage), expressions of opinion about the individual, and the intentions of the data controller in regard to the individual.
Processing
Any operation on personal data, including obtaining, recording, holding, organizing, adapting, combining, altering, retrieving, consulting, disclosing, disseminating, deleting, destroying and otherwise using the data.
Relevant filing system
A filing system for paper or other manual data which has been constructed in such a way that specific categories of information relating to an individual are readily accessible.
Sensitive personal data
Personal data relating to racial or ethnic origins, political opinions, religious beliefs, trade union membership, physical or mental health (including disabilities), sexual life, the commission or alleged commission of offences, and criminal proceedings.
Third parties
An individual or organisation other than the data subject, the data controller or a data processor acting on behalf of the data controller.
Vital interests
Although not defined in the Data Protection Act, the Information Commissioner has advised that "vital interests" should be interpreted as relating to life and death situations: e.g. the disclosure of a data subject's medical details to a hospital casualty department after a serious accident.
Last updated July 2005
