Advanced Search

Data Protection (Sensitive Personal Data) (Jersey) Regulations 2005


Published: 2006-01-01

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
Data Protection (Sensitive Personal Data) (Jersey) Regulations 2005

Revised Edition

15.240.35

Showing the law as at 1 January 2006

This is a revised edition of the law

Data Protection (Sensitive Personal Data) (Jersey) Regulations 2005

Arrangement

Regulation

1            Interpretation

2            Additional circumstances for processing sensitive personal data

3            Prevention of unlawful acts

4            Protection against malpractice and mismanagement

5            Publication about malpractice and mismanagement

6            Counselling

7            Insurance and pensions: general determinations

8            Insurance and pensions: current processing

9            Positive discrimination

10          Research

11          Functions of a police officer

12          Period of notice under Regulation 9(3)

13          Citation

Supporting Documents

Endnotes

Table of Legislation History

Table of Renumbered Provisions

Table of Endnote References



Data Protection (Sensitive Personal Data) (Jersey) Regulations 2005

THE STATES, in pursuance of Article 67, and paragraph 10 of Schedule 3, of the Data Protection (Jersey) Law 2005[1], have made the following Regulations –

Commencement [see endnotes]

1      Interpretation

In these Regulations –

“Law” means the Data Protection (Jersey) Law 2005[2];

“research purposes” includes statistical and historical purposes.

2      Additional circumstances for processing sensitive personal data

For the purposes of paragraph 10 of Schedule 3 to the Law, prescribed circumstances for the processing of sensitive personal data are the set of circumstances set out in any one of Regulations 3 – 11.

3      Prevention of unlawful acts

The processing of the personal data –

(a)     is in the substantial public interest;

(b)     is necessary for the purposes of the prevention or detection of any unlawful act or unlawful omission; and

(c)     must, in order not to prejudice those purposes, be carried out without the data controller’s seeking the explicit consent of the data subject.

4      Protection against malpractice and mismanagement

The processing of the personal data –

(a)     is in the substantial public interest;

(b)     is necessary for the discharge of any function that is designed for protecting members of the public against –

(i)     dishonesty, malpractice, or other seriously improper conduct by, or the unfitness or incompetence of, any person, or

(ii)    mismanagement in the administration of, or failures in services provided by, any body or association; and

(c)     must, in order not to prejudice the discharge of that function, be carried out without the data controller’s seeking the explicit consent of the data subject.

5      Publication about malpractice and mismanagement

(1)    The processing of the personal data –

(a)     takes the form of disclosure;

(b)     is in the substantial public interest;

(c)     is in connection with –

(i)     the commission by any person of any unlawful act, or unlawful omission, whether alleged or established,

(ii)    dishonesty, malpractice, or other seriously improper conduct by, or the unfitness or incompetence of, any person, whether alleged or established, or

(iii)   mismanagement in the administration of, or failures in services provided by, any body or association, whether the mismanagement or failures are alleged or established;

(d)     is for the special purposes; and

(e)     is made with a view to the publication of those data by any person.

(2)    The person who is the data controller in relation to the processing reasonably believes that the publication would be in the public interest.

6      Counselling

(1)    The processing of the personal data –

(a)     is in the substantial public interest; and

(b)     is necessary for the discharge of any function designed for the provision of confidential counselling, confidential advice, confidential support or a similar confidential service.

(2)    One or more of the following conditions is satisfied –

(a)     the data subject cannot give consent to the processing;

(b)     the data controller cannot reasonably be expected to obtain the consent of the data subject to the processing; or

(c)     the processing must, in order not to prejudice the discharge of the function referred to in paragraph (1)(b), be carried out without the data controller’s seeking the explicit consent of the data subject.

7      Insurance and pensions: general determinations

(1)    The processing of the personal data –

(a)     is necessary for the purpose of –

(i)     carrying on insurance business falling within Class 1, 3 or 4 of Part 1 of Schedule 1 to the Insurance Business (Jersey) Law 1996[3], or within Class 1 or 2 of Part 2 of that Schedule, or

(ii)    making determinations in connection with eligibility for, or benefits payable under, an occupational pension scheme, being a scheme, or arrangement, that is constituted in one or more instruments or agreements and has, or is capable of having, effect in relation to one or more descriptions or categories of employments so as to provide benefits, in the form of pensions or otherwise, payable on termination of service, or on death or retirement, to or in respect of earners with qualifying service in an employment of any such description or category; and

(b)     does not support measures or decisions that relate in particular to the person who is the data subject in respect of the personal data.

(2)    The data controller cannot reasonably be expected to obtain the explicit consent of that data subject to the processing and the data controller is not aware of the data subject’s withholding his or her consent to the processing.

(3)    The personal data consists of information falling within Article 2(e) of the Law and relates to a data subject who is the parent, grandparent, great-grandparent or sibling of –

(a)     in the case of processing for the purpose referred to in paragraph (1)(a)(i), a person insured (or seeking to be insured) in the course of the insurance business; or

(b)     in the case of processing for the purpose referred to in paragraph (1)(b), a person who is a member of the scheme or seeking to become a member of the scheme.

8      Insurance and pensions: current processing

(1)    The processing of the personal data –

(a)     was already under way in relation to the same data subject and by or on behalf of the same data controller immediately before the coming into force of these Regulations; and

(b)     is necessary for the purpose of –

(i)     carrying on insurance business falling within Class 1, 3 or 4 of Part 1 of Schedule 1 to the Insurance Business (Jersey) Law 1996, or

(ii)    establishing or administering an occupational pension scheme, being a scheme, or arrangement, that is constituted in one or more instruments or agreements and has, or is capable of having, effect in relation to one or more descriptions or categories of employments so as to provide benefits, in the form of pensions or otherwise, payable on termination of service, or on death or retirement, to or in respect of earners with qualifying service in an employment of any such description or category.

(2)    One or both of the following conditions is satisfied –

(a)     the data controller cannot reasonably be expected to obtain the explicit consent of the data subject to the processing and has not been informed by the data subject that the latter refuses consent to the processing;

(b)     the processing must, in order not to prejudice the purpose referred to in paragraph (1)(b), be carried out without the data controller’s seeking the explicit consent of the data subject.

9      Positive discrimination

(1)    The processing of the personal data –

(a)     is necessary for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment between persons –

(i)     holding different religious beliefs or other beliefs of a similar nature, or

(ii)    of different states of physical or mental health or different physical or mental conditions,

with a view to enabling such equality to be promoted or maintained;

(b)     does not support measures or decisions with respect to any particular data subject otherwise than with the explicit consent of the data subject; and

(c)     does not cause, nor is likely to cause, substantial damage or substantial distress to the data subject or any other person.

(2)    The personal data consists of information falling within Article 2(c) of the Law (in the case of processing referred to in paragraph (1)(a)(i)) or within Article 2(e) of the Law (in the case of processing referred to in paragraph (1)(a)(ii)).

(3)    The processing is not contrary to any notice in writing that an individual has given to the data controller requiring that data controller to cease processing personal data in respect of which the individual is the data subject.

10    Research

The processing of the personal data –

(a)     is in the substantial public interest;

(b)     is necessary for research purposes;

(c)     does not support measures or decisions with respect to any particular data subject otherwise than with the explicit consent of the data subject; and

(d)     does not cause, nor is likely to cause, substantial damage or substantial distress to the data subject or any other person.

11    Functions of a police officer

The processing is necessary for the exercise of any function conferred on a police officer by or under any enactment or other law.

12    Period of notice under Regulation 9(3)

A notice under Regulation 9(3) takes effect for the purpose of that Regulation at the end of a period that is reasonable in the circumstances unless the notice specifies a longer period, in which case it takes effect at the end of that longer period.

13    Citation

These Regulations may be cited as the Data Protection (Sensitive Personal Data) (Jersey) Regulations 2005.



Endnotes

Table of Legislation History



Legislation



Year and No



Commencement



Data Protection (Sensitive Personal Data) (Jersey) Regulations 2005



R&O.140/2005



1 December 2005



Table of Renumbered Provisions



Original



Current



None



 



Table of Endnote References



[1]



chapter 15.240



[2]



chapter 15.240



[3]



chapter 13.425