This Personal information charter relates to the Rail Accident Investigation Branch (RAIB). The RAIB has a designated Data Protection Manager who can be contacted at:
The Wharf, Stores Road, Derby, DE21 4BA
Telephone: 01332 253300
Data Protection Policy
For the purposes of data protection law, the RAIB is part of the Department for Transport. The Department has a Personal information charter which describes how it protects personal data.
Our approach to the privacy of personal data conforms to the Department’s charter with some additional provisions. The additions arise from our role as an independent accident investigator, governed by its own laws. The key additions to the Department’s charter are described in the following sections.
The data we collect
The RAIB collects personal data to meet its legal obligations for the investigation of rail accidents and serious incidents. This includes data relating to those involved in a rail accident or incident. We also receive personal data from third parties in respect of rail accidents.
The legal basis for RAIB processing personal data
The RAIB carries out its work under the Railways and Transport Safety Act 2003 (the 2003 Act) and The Railways (Accident Investigation and Reporting) Regulations 2005 (the 2005 Regulations). Section 8(2) of the 2003 Act allows our inspectors to obtain any data, including personal data, that is necessary to carry out a safety investigation, and requires individuals to provide that information.
Our use of personal data
We use personal data for the purposes of investigating railway accidents and incidents.
Section 10(2) of the 2005 Regulations states that that we may not, without the consent of the individual involved, disclose to anyone a statement provided to the Branch in association with an investigation, or the personal details (including name, address and medical records) of someone who has provided a statement to the Branch.
Section 10(3) of the 2005 Regulations states that other personal data not protected by Section 10(2) may only be disclosed at our discretion.
In both cases, the only way that the RAIB could be forced to share personal data outside of an investigation would be if we were ordered to do so by a relevant court.
When our investigations are complete we publish a report. Where relevant to an investigation, we may refer to personal data that we have obtained during our investigation in our investigation report. However, our reports will never include the name of someone who has provided us with personal information.
The provisions of the 2003 Act and the 2005 Regulations apply to any third party that participates in a RAIB investigation.
Retention of personal data
At the end of an investigation, we review all personal data obtained and destroy any that is not relevant to the investigation. We retain other personal data where it is necessary for safety investigation purposes. This may be because the information is pertinent to subsequent safety investigations or because there is a possibility the investigation could be reopened at a later date. The continuing need for retention of personal data is reviewed periodically and it is destroyed once there is no further need for it to be retained.
You have the right to ask us for details of the personal data we hold on you, and we will respond to your request within 30 days of receiving it. We will consider requests to correct or erase your personal data, but our response will be governed by our policy on data retention (described above).
We will advise you if we have obtained your personal data from a third party. However, we may not do so within the timescales laid down within the Department’s Charter if we consider that there is a risk that our own investigation may be adversely affected if we do comply. For each item of personal information obtained from a third party, we will:
- immediately assess when we can let you know that we have it
- not un-necessarily delay telling you
- destroy any information that is not relevant to our investigation.