If you apply for Subject Access to a local authority to check a particular set of computerised records, once the authority provides you with that information, the request has been satisfied. The fact that the authority holds other data, structured or otherwise, is only relevant if you ask for "all the information you hold about me".
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 14 December 2004 12:40
To: [log in to unmask]
Subject: Re: [data-protection] Unstructured personal data
This interesting reply has caused me to think (and probably not very
clearly, at that).
Scenario: I apply for Subject Access to a local authority because I want to
check that a particular set of computerised records about me is accurate. I
am prepared to pay the £10 fee, and I am not interested in anything else.
However, it happens that the local authority also has a large amount of
unstructured data about me. They reply: Sorry, we can't comply fully with
this Subject Access request for less than £450, so pay up or get nothing.
That can't be right, so does it mean that, despite the FoIA amending the
DPA, a DPA Subject Access request to a statutory body now has to be split in
two: categories (a) to (d) for £10 regardless and category (e) within the
£10 if it costs less than £450, otherwise subject to a separate, possibly
substantial, fee?
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Lynne Skipsey" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, December 13, 2004 1:21 PM
Subject: Re: Unstructured personal data
> Just adding to Paul's explanation - my understanding is that any personal
information falling into the additional 5th category (all other recorded
info held by a public body) is covered by the new Fee Regulations for FOI &
DPA (see attached). This means that public bodies receiving a subject access
request from now on, will have to estimate whether the personal data held in
unstructured manual systems/storage would cost more or less than £450 to
provide and then proceed as follows:
> a) if it would cost less than £450 the public body has the right to charge
additional costs to cover disbursements such as photocopying and postage in
order to provide this information.
> b) if the volume of relevant personal data in unstructured filing systems
would cost more than £450, (take more than 2 1/2 days) we could refuse to
process this part of the request but it would be better if we either i)
provided a limited amount within the £450 threshold or ii)charged full costs
for dealing with the request for personal data held in unstructured manual
systems.
>
> Kind regards
>
> Lynne Skipsey
> Information Manager
> Registry - Corporate Services
> NHSU
> Tel 07775 508113
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Paul Ticher
> Sent: 13 December 2004 13:04
> To: [log in to unmask]
> Subject: Re: [data-protection] Unstructured personal data
>
>
> No doubt others will correct me if I'm wrong, but I read it that s.68 of
the Freedom of Information Act amends s.1(1)of the Data Protection Act to
add a new fifth category of data: "recorded information held by a public
authority [which] does not fall within any of paragraphs (a) to (d)". In
effect, therefore, *all* recorded information held by a public authority is
"data". If such data is also personal, it is therefore personal data and
access would be available under the Data Protection Act, for a fee of up to
£10, within 40 days and with the Data Protection Act restrictions - access
would only be granted to the Data Subject and third party confidentiality
would be protected, for example.
>
> If it is not personal - i.e, post-Durant, not *about* an identifiable
living individual - it would not be personal data and therefore access would
not be available under the Data Protection Act, but under the Freedom of
Information Act, for free and with shorter time limits provided the cost was
within the limits.
>
> Just thinking about how you would handle a collection which contains a
mixture of personal and non-personal data makes me glad not to be a public
authority DPO.
>
> Paul Ticher
> 0116 273 8191
> 22 Stoughton Drive North, Leicester LE5 5UB
>
> I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
>
>
> ----- Original Message -----
> From: "Kirsty Gray" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Monday, December 13, 2004 12:19 PM
> Subject: Unstructured personal data
>
>
> Now that the FOIA fees regs have been laid before Parliament - anyone any
idea what we do about 'unstructured' personal data post 01/01/05?
>
> Reg 3 (the appropriate limit) "(1) This regulation has effect to prescribe
the appropriate limit referred to in section 9A(3) and (4) of the 1998 Act
..." then goes on to confirm FOIA fees of £600 for central government and
£450 for other public authorities.
>
> Reg 4 (estimating the cost of complying with a request - general) "...a
relevant request is any request to the extent that it is a request (a) for
unstructured personal data within the meaning of section 9A(1) of the 1998
Act and to which section 7(1) of that Act would, apart from the appropriate
limit, to any extent apply..."
>
> Does this mean that Durant is definately no longer applicable to the
public sector? Must we estimate total cost of complying with a request for
unstructured personal data? And either respond (under the limit) or choose
to refuse unless full cost paid (over the limit)? Can we charge
disbursements for responding (under the limit)? Is that as well as or
instead of £10 SAR fee?
>
>
> Has anyone seen any guidance from either DCA or ICO on this one? My search
attempts this AM brought up nothing. Am I the only one totally confused?
>
> Kirsty E Gray
> Access to Information Advisor
> Commission for Social Care Inspection
>
> Note: comments for discussion and debate only and do not necessarily
reflect the corporate position of CSCI nor constitute legal advice.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
> *** This e-mail and any attachments are confidential and are intended only
for the addressee(s). If you are not an intended recipient of this e-mail
and have received it in error, please notify the sender immediately by reply
e-mail and then delete it from your system.
>
> This e-mail has been scanned for viruses by the NHSU WebShield Virus
Scanner, but is not guaranteed free from viruses ***
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|