Colleagues - thanks for your thoughts
Very interesting judgement.

Will the situation change when the FOI Act comes fully into force as it also
gives access to unstructured files?

Also, is it  not the case that most files these days are kept on computer or
at least parts of a file are also found on a computer?

If this is the case then the effect of judgement may not be so drastic as
initially looks.

Just some thoughts

Ibrahim Hasan
Act Now Training
Information Law Training for the Public Sector
www.actnowtraining.co.uk


----- Original Message -----
From: "Chris Spray" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, December 10, 2003 12:41 PM
Subject: Re: [data-protection] DURANT DECISION NARROWS SCOPE OF DATA
PROTECTION IN UK


> Chris,
>
> So, it appears then that a manual file held by an HR department or a
manager
> about an employee, but which is only structured to the extent that
documents are
> in date order and there is no index, is not a relevant filing system and
> therefore no access rights exist under the DPA 1998?
>
> I don't think many employees will be very happy if employers adopt this
> approach.
>
> Chris
>
>
>
>
>
>
>
>
> Pounder Chris <[log in to unmask]> on 10/12/2003 12:01:44
>
> Please respond to Pounder Chris <[log in to unmask]>
>
> To:   [log in to unmask]
> cc:    (bcc: Christopher Spray/Group Compliance/South East/RAC Motoring
>       Services)
>
> Subject:  [data-protection] DURANT DECISION NARROWS SCOPE OF DATA
PROTECTION IN
>       UK
>
>
>
> The judgment is already publicly available - see:
> http://www.courtservice.gov.uk/judgmentsfiles/j2136/durant-v-fsa.htm
>
> Durant (as will R v Lord - which is equally important) will form a part
> of our DATA PROTECTION UPDATE sessions in Manchester, Glasgow and London
> in January (if you want details, please reply).
>
>
> Below is MY analysis so far.
>
> DURANT DECISION NARROWS SCOPE OF DATA PROTECTION IN UK
>
> After more than four months of deliberation the Court of Appeal on 8th
> December issued a decision in the case of Durant -v- Financial Services
> Authority ([2003] EWCA Civ 1746).  The key results of the verdict are:
>
> *    a narrow construction of the definition of personal data which
> will also applies to automatically processed personal data,
>
> *    a narrow construction of the definition of relevant filing
> system  in which "specific information" is only regarded as "readily
> accessible" within the meaning of the Act in circumstances where the
> indexing system permits the controller to know in advance whether
> particular material will be found in a particular place in a file;
>
> *    a wide discretion of the Court as to whether to order access to
> personal data  covered by the Act.
>
> Mr Durant originally exercised his right under section 7 of the 1998 Act
> by making a request to the Financial Services Authority (FSA) for access
> to information concerning the FSA's investigation into his complaint
> about Barclays Bank - his "personal data", as he claimed.  Although he
> received some personal data under the Act, the FSA withheld  information
> in manual files on the grounds that the information was not "personal
> data" even though some of this information could be accessed by the FSA
> with ease and was held n a file under his name.
>
> In the Edmonton County Court on 20 October 2002, Mr Durant failed to
> obtain an order requiring the FSA to produce these personal details. The
> Court concluded that the personal information held by the FSA was not in
> the correct structure as required by the definitions found in the Data
> Protection Act. It was the appeal against this decision which was heard
> at the Court of Appeal in the summer of 2003.
>
> The Court of Appeal first of all considered what the Act meant by
> "personal data", and decided that a narrow construction of the words
> "relates to" was to be preferred to a wide one in order to set a limit
> on the burden that the Act would otherwise impose on "data controllers"
> - those who have to give effect to an individual's right to access
> personal data processed by them. It achieved this by taking a restricted
> view of what the Act means by "data which relate" to an individual (the
> data subject to use the jargon of the Act).
>
> To be personal data, the Court of Appeal determined that the data must
> "focus" on the data subject or "be information which affects his
> privacy" (para 28). This was illustrated by Lord Justice Buxton who
> declared that "Mr Durant's letter of complaint to the FSA and the FSA's
> investigation of that complaint did not relate to Mr Durant but to his
> complaint" (para 80). It followed that the FSA's investigation into Mr
> Durant's complaint could not be personal data concerning Mr Durant (even
> if these data were automatically processed) as "The 1998 Act would only
> be engaged if, in the course of investigating this complaint, the FSA
> expressed an opinion about Mr. Durant personally, as opposed to an
> opinion about his complaint" (para 80).
>
> The Court then decided to consider the definition of "data", and in
> particular the meaning of "relevant filing system" which relates to
> non-computerised information. The court determined that this only covers
> very sophisticated filing systems containing highly structured files
> which are similarly organised to computer-held information
>
> The outcome is that to be subject to the Data Protection Act, manual
> files containing personal data require a level of sophisticated file
> structuring, searchability and indexing. One wonders whether many manual
> information systems has this level of functionality. To make this clear,
> the Court determined that the ability of an organisation and its staff
> "to readily identify and locate whole files, even those organised
> chronologically and/or by reference to his and other names is not
> enough" (para 53) to be subject to the Act.
>
> The Court also endorsed the wide view of the discretion under section
> 7(9) claimed by the judge in Edmonton's lower court - to the effect that
> even if a data subject does establish that a data controller is
> withholding information which counts as his personal data, a court is
> not obliged to order the data controller to give it to him.
>
> In the case of the Edmonton Court, the judge stated that as he did not
> think Mr Durant would benefit from access to personal data, he would
> have usedhis discretion not to order access to personal data. Certainly
> the Court of Appeal expressed dislike of the notion that a litigant
> might use the entitlement under the Data Protection Act as an
> alternative to the route of the discovery of documents procedure. This
> lays open the possibility that data controllers who do not want to
> provide access to personal data, will refuse access, hoping to have the
> discretionary ear of a sympathetic judge in a court of law.
>
> Lord Justice Buxton rounded off the Court's disapproval of the Mr
> Durant's case by saying that the proceedings were "misconceived", had
> imposed "a wholly unjustifiable burden and expense" and that any future
> litigant should "carefully scrutinise" this judgement. Anyone who is
> contemplating court action by exercising their rights under the Data
> Protection Act has been warned that they take great financial risks by
> challenging those data controllers who in court, might now successfully
> argue that the information about the data subject's complaint were not
> personal data relating to a data subject.
>
> In this regard, their Lordship's opinion has a chilling effect on the
> right of access and on data protection as a whole. Many will now
> question whether or not the UK law is compliant with Directive 95/46/EC.
>
>
>
> http://www.rac.co.uk
> http://www.racbusiness.co.uk
> http://www.bsm.co.uk
>
> Any  opinions  expressed  in  this  e-mail  are  those of the individual
and not
> necessarily the company. This e-mail and any attachments are confidential
to RAC
> and/or BSM and are solely for use by the intended recipient.
>
> If you are not the intended recipient you must not disclose, copy or
distribute
> its contents to any other person nor use its contents in any way.
> If you have received this e-mail in error please forward a copy of this
e-mail
> to "[log in to unmask]".
>
> RAC Motoring Services: Registered England 1424399
> VAT Reg No. GB 238640945
> British School of Motoring: Registered England 291902
> VAT Reg No. GB 239505847
> Registered Office(s): 1 Forest Road, Feltham, TW 13 7RR
>
> This e-mail and any attachments has been scanned for the presence of
computer
> viruses. RAC/BSM accept no responsibility for computer viruses once this
e-mail
> has been transmitted.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^