My problem isn't so much the amount to charge for a SAR (it's a tenner if we choose to levy it) but the information I need to service one. Under FoI we are entitled to refer back to the applicant if we have insufficient info to service their request.
What do we do now with a DPA 'give me everything you've got on me' type of request? Are we entitled to insist on a narrower scope (7(3)) and delay compliance until we have it? What if the data subject simply says 'No I won't refine my request', - I want everything! - My understanding is that they are absolutely entitled to do that if they so wish. Whilst we are entitled to seek what we 'reasonably require' to service the request, I see no provision within section 7 that obliges the data subject to enter into negotiation on the matter.
Gerry.
Mr.G.Dane
University of Newcastle
Newcastle upon Tyne
NE1 7RU
Email: [log in to unmask]
-------------------------------------------
The views expressed in this message are those of the
sender and not necessarily those of the University.
>-----Original Message-----
>From: This list is for those interested in Data Protection
>issues [mailto:[log in to unmask]] On Behalf Of
>Catherine Sclater
>Sent: 13 December 2004 13:28
>To: [log in to unmask]
>Subject: Re: [data-protection] Unstructured personal data
>
>
>The following are my own observations and do not necessarily
>represent the views of my employer.
>
>I was working up to a similar comment, but was trying to
>factor in the added complications of working in Scotland under
>FIO(S)A, DPA, and now 3 sets of fees calculations under those
>two and FOIA re unstructured data. I haven't managed to
>finalise my thinking as other work has intervened, but for
>what it's worth think that (know that) the legislation is now
>getting increasingly difficult, as the SI laid before the
>Westminster parliament to bring in Scottish public authorities
>vis-à-vis the amendments to the DPA failed when I last saw it
>to do anything other than tie in the definition of "Scottish
>public authority" as a "public authority" for the purposes of
>the DPA. That is not sufficient in my opinion to align the UK
>public sector viz - a viz the revised DPA, given that Scottish
>public authorities are not covered by the FOIA, nor I'd have
>thought by regulations made under it. Unfortunately "public
>authority" in the regs (SI 2004 No 3244)is not defined so
>may/may not include the larger class of public authorities in
>DPA as amended.
>For those on the list in happy ignorance we have a different
>fees structure under the FOISA, with the original £600 limit
>across the board, no differentiation between central
>government and other public authorities, and no right to
>charge for determining whether or not we hold information,
>only for the cost of locating and retrieving it. Then again,
>we come cheap in Scotland (or are paid less) and our staff
>costs are to be estimated at £15 per hour, rather than the £25
>elsewhere in the UK. So an FOI/DPA person in Scotland
>(perhaps)needs to know the detailed differences, between the
>two sets of FOI regulations, understand them, and then make
>any 1 of 3 different calculations, with different variables on
>what can be taken into account, staff costs, and a different
>upper limit, dependent on whether s/he is calculating a
>request under FOISA, DPA or DPA as amended. After all that, my
>understanding is that if the cost of providing unstructured
>manual data is likely to be less than £450, (costed at £25 per
>hour staff time, and including the cost of determining whether
>you hold the information) then the charge to the data subject
>is still a maximum of £10.
>
>I also have lingering doubts about the competency of the
>amendment to the DPA re copyright and FOISA, as in the Freedom
>of Information (Scotland) Act 2002 (Consequential
>Modifications) Order 2004 (as last seen):
>
>"Freedom of Information Act 2000
>1.-(1) The Freedom of Information Act 2000, is amended as follows.
>(3) In section 80, after subsection (2), add-
>"(3) Section 50 of the Copyright, Designs and Patents Act
>1988( ) and paragraph 6 of Schedule 1 to the Copyright and
>Rights in Databases Regulations 1997( ) apply in relation to
>the Freedom of Information (Scotland) Act 2002 as they apply
>in relation to this Act."
>
>
>but perhaps someone else can comment on whether they think it
>competent to bring the FOISA under the meaning of "enactment"
>in the Copyright Act by way of an amendment to the FOIA. I'd
>have thought the Copyright Act itself would need a reference
>to the FOISA, given that the FOIA does not apply to Scottish
>public authorities as defined in the FOISA? Even if it's
>competent there is no reference on the face of the Copyright
>Act to the FOISA, and how on earth could anyone be expected to
>know that it's brought in by way of the FOIA? Which doesn't
>apply to Scottish public authorities. Or so we thought.
>
>
>Catherine Sclater
>
>-----Original Message-----
>From: Kirsty Gray [mailto:[log in to unmask]]
>Sent: 13 December 2004 12:19
>To: [log in to unmask]
>Subject: [data-protection] Unstructured personal data
>
>Now that the FOIA fees regs have been laid before Parliament -
>anyone any idea what we do about 'unstructured' personal data
>post 01/01/05?
>
>Reg 3 (the appropriate limit) "(1) This regulation has effect
>to prescribe the appropriate limit referred to in section
>9A(3) and (4) of the 1998 Act ..." then goes on to confirm
>FOIA fees of £600 for central government and £450 for other
>public authorities.
>
>Reg 4 (estimating the cost of complying with a request -
>general) "...a relevant request is any request to the extent
>that it is a request (a) for unstructured personal data within
>the meaning of section 9A(1) of the 1998 Act and to which
>section 7(1) of that Act would, apart from the appropriate
>limit, to any extent apply..."
>
>Does this mean that Durant is definately no longer applicable
>to the public sector? Must we estimate total cost of complying
>with a request for unstructured personal data? And either
>respond (under the limit) or choose to refuse unless full cost
>paid (over the limit)? Can we charge disbursements for
>responding (under the limit)? Is that as well as or instead of
>£10 SAR fee?
>
>
>Has anyone seen any guidance from either DCA or ICO on this
>one? My search attempts this AM brought up nothing. Am I the
>only one totally confused?
>
>Kirsty E Gray
>Access to Information Advisor
>Commission for Social Care Inspection
>
>Note: comments for discussion and debate only and do not
>necessarily reflect the corporate position of CSCI nor
>constitute legal advice.
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
>Any queries about sending or receiving message please send to
>the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>This E-Mail is confidential and intended solely for the use of
>the individual to whom it is addressed. If you are not the
>addressee, any disclosure, reproduction, copying, distribution
>or other dissemination or use of this communication is
>strictly prohibited. If you have received this transmission
>in error please notify the sender immediately by replying to
>this e-mail, or telephone 01382 207 222, and then delete this e-mail.
>
>All outgoing messages are checked for viruses however no
>guarantee is given that this e-mail message, and any
>attachments, are free from viruses. You are strongly
>recommend to check for viruses using your own virus scanner.
>Neither SCRC or SSSC will accept responsibility for any damage
>caused as a result of virus infection.
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
>Any queries about sending or receiving message please send to
>the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|