Anne Kipling's brief summary (below) is correct.

The following account of the amendments to the DPA contained in the 
FOI bill is taken from the Government's Explanatory Notes on the FOI 
bill, which can be found in full on the Stationery Office web site.

Maurice Frankel
---------------------------------------------------------------------- 
-----------------

Clauses 67 to 71

204.     Part VII of the Bill has the effect that the Data Protection 
Act 1998 rights of subject access and data accuracy are extended to 
all personal information held by public authorities, with some 
modifications and exemptions.
205.     This is achieved by the device of providing that all 
personal information held by public authorities counts as personal 
data for the purposes of the 1998 Act, then cancelling all of the 
effects of that redefinition except those relating to subject access 
and accuracy (other than as regards personal information and 
non-designated functions of public authorities). Some modifications 
are made to the right of subject access as it relates to certain 
unstructured records.
206.     The Data Protection Act 1998 creates two important rights 
for individuals in respect of information which is personal to them. 
Individuals are entitled to be told whether personal information 
relating to them is being held (or otherwise processed) and, if so, 
to have both it and certain other details about it communicated to 
them. This is known as subject access. The Act also makes provision 
placing a duty of accuracy on all data controllers. In both cases, 
the 1998 Act makes the rights enforceable both in the courts and, as 
a regulatory matter, by the Commissioner. These rights are, however, 
limited by the terms of application of the Data Protection Act 1998 
itself. In particular, the scope of that Act is limited by the key 
definitions set out in section 1(1), most importantly the definition 
of "data", which is restricted to information which is automated, or 
intended for automated processing, or part of a structured "relevant 
filing system" (as defined), or part of an "accessible record" 
(defined by section 68 to mean certain health, education, housing and 
social work records).
207.     Clause 67 has the effect that, for public authorities within 
the terms of the Bill, the limitations on the definition of "data" in 
s.1(1) of the 1998 Act disappear (except to the extent that the 
information relates to functions in respect of which, under clause 6, 
the Bill does not apply). Subject to that limitation, the 1998 Act 
therefore applies to any personal information held by a public 
authority. That means, specifically, that the Data Protection Act 
applies to public authorities' non-automated records even though they 
are not part of a "relevant filing system" and not part of an 
"accessible record" as defined in the Act. An example of that might 
be incidental personal information on a policy file, or in loose 
papers. The chief effect of this clause for present purposes is that 
it achieves the extension of all the Data Protection Act provisions 
about subject access and accuracy to this new range of information. 
Section 1 of the 1998 Act, as amended by the Bill, is set out as an 
Annex to these Notes.
208.     But subject access will work in a slightly modified way in 
this new area, and clause 68 introduces two important qualifications 
to the subject access right which are not found in the 1998 Act as it 
stands. Clause 68 itself applies to only some of the personal 
information added to the scope of subject access by clause 67. It 
does not apply to information recorded on paper which, although it is 
not part of a "relevant filing system" or part of an "accessible 
record", is nevertheless structured to a certain extent by reference 
to individuals. An example of such relatively structured information 
might be a case file about an individual which contains 
correspondence about a number of matters relating to that individual 
and is indexed by reference only to the dates of the correspondence. 
This relatively structured information will be treated for subject 
access purposes in exactly the same way as other personal information 
within the scope of the Data Protection Act. But two special rules 
will apply in respect of subject access to the residue, that is, the 
relatively unstructured information.

*	Firstly, subject access will not be given to this information 
unless the information is expressly described in the request. A 
request from a data subject for access to his own personal data has 
to be met in general by giving access to all of that subject's data, 
without his having to specify any of it. No part of the residue of 
relatively unstructured personal information, however, will be 
included in response to a subject access request unless the data 
subject has expressly described it.

*	Secondly, even where residual relatively unstructured 
personal information has been described, the authority will be able 
to rely on provisions equivalent to those set out in clause 11 of the 
Bill to refuse a request in so far as it relates to that information 
where to do so would cost more than is provided for by a prescribed 
cost ceiling.

209.     Clause 67 also provides that the extension of subject access 
is to have no effect on the criminal offence created by section 56 of 
the 1998 Act, which prohibits in some circumstances the act of 
requiring the production of information obtained in the exercise of 
the right of subject access.
210.     However, as well as achieving the expansion (and partial 
modification) of data subject rights, the amendment to the definition 
of "data" produced by clause 67 would of course bring all the rest of 
the 1998 Act to bear on the totality of public authorities' personal 
information. Given that the new rights exist and are operated wholly 
within the context of the 1998 Act, the extension of the definition 
of "data" is a streamlined way of extending the key subject access 
and accuracy provisions. But the general application of the 1998 Act 
to all personal information held by public authorities is not an 
intended byproduct, and the Bill therefore needed to ensure that the 
excess application of the 1998 Act was cancelled out. That is what 
clause 69 achieves. It strips out of the extension of the new 
definition of "data" all the substantive effects of the Data 
Protection Act 1998 except those relating to subject access and 
accuracy.
211.     Clause 69 has one further effect. It provides that the 
extension of the rights of subject access and accuracy achieved in 
Part VII of the Bill does not apply to personnel information held by 
public authorities.
212.     Clause 70 amends section 16(1) of the Data Protection Act 
1998 so as to require data controllers who are public authorities for 
the purposes of the Bill, to state that fact when making any 
notification under Part III of the 1998 Act. This information will 
then appear on the public register maintained under Part III of the 
1998 Act.
213.     Clause 71 amends section 34 of the Data Protection Act 1998. 
Section 34 provides that personal data are exempt from the Act's 
provisions relating to subject access and accuracy, and from certain 
other restrictions on disclosure, if they consist of information 
which is subject to a statutory duty to make it available to the 
public. That is because such statutory access provisions - such as 
those governing the Register of births, marriages and deaths or the 
Land Registry - make their own detailed arrangements for access, 
accuracy, and disclosure, which are accordingly made to prevail over 
the more general provisions of the 1998 Act. But section 34's 
reference to statutory obligations would be capable of including 
those in the Bill, thus making the Bill's regime predominate over the 
1998 Act's. This would not be consistent with the Bill's express 
provision that, in the case of personal data, its own provisions are 
subject to the limits of the 1998 Act. Clause 71 removes the 
inconsistency by providing that the reference to statutory 
obligations in section 34 is not to include those in the Bill.
214.     Clause 72 introduces Schedule 6 which contains further 
amendments to the 1998 Act.




At 10:19 am +0000 18/2/00, Anne Kipling wrote:
>The FOI Bill can be found at:
>
>www.publications.parliament.uk/pa/cm199900/cmbills/005/2000005.htm
>
>and PART VII applies to the DPA 1998.
>
>As I understand it, the Bill extends the meaning of "data" by adding
>another subsection to s1 of the DPA which brings "recorded information
>held by a public authority" under that Act.  In addition, it 
>introduces a right
>of access to "unstructured personal data".
>
>S38 of the Bill seems to be saying that subject access requests for
>personal information must be done under the DPA, not the FOIA.  Any
>other views on this?
>
>Anne Kipling
>Information Security Officer
>Oxford Brookes University


----------------------------------------
Maurice Frankel
Director, Campaign for Freedom of Information
Suite 102, 16 Baldwins Gardens
London EC1N 7RJ, UK
Tel: 0171 831 7477
Fax 0171 831 7461
email: [log in to unmask]
website: http://www.cfoi.org.uk