The following are my own observations and do not necessarily represent the views of my employer.
I was working up to a similar comment, but was trying to factor in the added complications of working in Scotland under FIO(S)A, DPA, and now 3 sets of fees calculations under those two and FOIA re unstructured data.
I haven't managed to finalise my thinking as other work has intervened, but for what it's worth think that (know that) the legislation is now getting increasingly difficult, as the SI laid before the Westminster parliament to bring in Scottish public authorities vis-à-vis the amendments to the DPA failed when I last saw it to do anything other than tie in the definition of "Scottish public authority" as a "public authority" for the purposes of the DPA. That is not sufficient in my opinion to align the UK public sector viz - a viz the revised DPA, given that Scottish public authorities are not covered by the FOIA, nor I'd have thought by regulations made under it. Unfortunately "public authority" in the regs (SI 2004 No 3244)is not defined so may/may not include the larger class of public authorities in DPA as amended.
For those on the list in happy ignorance we have a different fees structure under the FOISA, with the original £600 limit across the board, no differentiation between central government and other public authorities, and no right to charge for determining whether or not we hold information, only for the cost of locating and retrieving it. Then again, we come cheap in Scotland (or are paid less) and our staff costs are to be estimated at £15 per hour, rather than the £25 elsewhere in the UK.
So an FOI/DPA person in Scotland (perhaps)needs to know the detailed differences, between the two sets of FOI regulations, understand them, and then make any 1 of 3 different calculations, with different variables on what can be taken into account, staff costs, and a different upper limit, dependent on whether s/he is calculating a request under FOISA, DPA or DPA as amended. After all that, my understanding is that if the cost of providing unstructured manual data is likely to be less than £450, (costed at £25 per hour staff time, and including the cost of determining whether you hold the information) then the charge to the data subject is still a maximum of £10.
I also have lingering doubts about the competency of the amendment to the DPA re copyright and FOISA, as in the Freedom of Information (Scotland) Act 2002 (Consequential Modifications) Order 2004 (as last seen):
"Freedom of Information Act 2000
1.-(1) The Freedom of Information Act 2000, is amended as follows.
(3) In section 80, after subsection (2), add-
"(3) Section 50 of the Copyright, Designs and Patents Act 1988( ) and paragraph 6 of Schedule 1 to the Copyright and Rights in Databases Regulations 1997( ) apply in relation to the Freedom of Information (Scotland) Act 2002 as they apply in relation to this Act."
but perhaps someone else can comment on whether they think it competent to bring the FOISA under the meaning of "enactment" in the Copyright Act by way of an amendment to the FOIA. I'd have thought the Copyright Act itself would need a reference to the FOISA, given that the FOIA does not apply to Scottish public authorities as defined in the FOISA? Even if it's competent there is no reference on the face of the Copyright Act to the FOISA, and how on earth could anyone be expected to know that it's brought in by way of the FOIA? Which doesn't apply to Scottish public authorities. Or so we thought.
Catherine Sclater
-----Original Message-----
From: Kirsty Gray [mailto:[log in to unmask]]
Sent: 13 December 2004 12:19
To: [log in to unmask]
Subject: [data-protection] Unstructured personal data
Now that the FOIA fees regs have been laid before Parliament - anyone any
idea what we do about 'unstructured' personal data post 01/01/05?
Reg 3 (the appropriate limit) "(1) This regulation has effect to prescribe
the appropriate limit referred to in section 9A(3) and (4) of the 1998
Act ..." then goes on to confirm FOIA fees of £600 for central government
and £450 for other public authorities.
Reg 4 (estimating the cost of complying with a request - general) "...a
relevant request is any request to the extent that it is a request (a) for
unstructured personal data within the meaning of section 9A(1) of the 1998
Act and to which section 7(1) of that Act would, apart from the appropriate
limit, to any extent apply..."
Does this mean that Durant is definately no longer applicable to the public
sector? Must we estimate total cost of complying with a request for
unstructured personal data? And either respond (under the limit) or choose
to refuse unless full cost paid (over the limit)? Can we charge
disbursements for responding (under the limit)? Is that as well as or
instead of £10 SAR fee?
Has anyone seen any guidance from either DCA or ICO on this one? My search
attempts this AM brought up nothing. Am I the only one totally confused?
Kirsty E Gray
Access to Information Advisor
Commission for Social Care Inspection
Note: comments for discussion and debate only and do not necessarily
reflect the corporate position of CSCI nor constitute legal advice.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This E-Mail is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the addressee, any disclosure, reproduction, copying, distribution or other dissemination or use of this communication is strictly prohibited. If you have received this transmission in error please notify the sender immediately by replying to this e-mail, or telephone 01382 207 222, and then delete this e-mail.
All outgoing messages are checked for viruses however no guarantee is given that this e-mail message, and any attachments, are free from viruses. You are strongly recommend to check for viruses using your own virus scanner. Neither SCRC or SSSC will accept responsibility for any damage caused as a result of virus infection.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|