In my opinion it would have been far simpler to rely on an 'acting in a
public capacity' type argument, which could have been simpler and more
flexible in the relevant area without creating the additional difficulties
of finely re-focusing the personal data definition in all spheres.
But then I suppose that public servants who may have wished to maintain
their 'organisational privacy' by using posts or numbers instead of names,
would have increased the depersonalisation of social groups and caused much
personal responsibility/accountability to be lost.
Although the current situation could be seen to remove some personal
responsibility/autonomy from the shoulders of data controllers and certainly
within the private sector does seem to have wider affect. Simpler than a
separate private sector DPA, and, if one is to believe most corporate
publicity, private sector organisations are far less likely to abuse data
subjects privacy rights when protecting the corporate assets.
Contentiousness and Employment laws/RIPA aside, scepticism must creep in
when a complete area of a widely protective mechanism is removed without
public discussion or consultation.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Pounder Chris
> Sent: 08 September 2004 12:48
> To: [log in to unmask]
> Subject: Re: Interaction between DPA and FOI
>
>
> The contents of this e-mail are confidential and may be
> privileged. Please refer to the notice at the foot of this
> e-mail before reading any further.
>
>
>
> I enclose a section of our newsletter on the Durant case which dealt
> with this.
>
> TEXT BEGINS
>
> FOI and the right of access by anybody
>
> For public sector bodies only, the Freedom of Information (FOI)
> legislation adds a
> further layer of complication, in that all recorded personal
> information
> with an
> individual as its focus, irrespective of structure, will be personal
> data and subject
> to the right of access and correction by the individual
> concerned (from
> January
> 2005, when the FOI legislation comes fully into force for
> most UK public
> authorities).
>
> All information held by a public authority will, subject to an
> exemption, also be
> accessible either via the 1998 Act or under FOIA. This is how it will
> work.
> The FOIA enacted by the Westminster Parliament modifies the definition
> of "data"
> under section 1 of the 1998 Act so that "data" now covers all recorded
> information held by a public authority, whether electronically or on
> paper, while
> "information" under section 84 of FOIA must also be recorded
> information. So as
> soon as FOIA is in force, "data" under the 1998 Act will also be
> "information"
> under FOIA and vice-versa.
>
> Recorded information which is not personal data under the
> 1998 Act will
> nevertheless be information under FOIA, so any recorded
> information held
> by a
> public authority must either be accessible via the 1998 Act or under
> FOIA (subject
> to exemptions, of course). The Scottish FOIA works in the same way.
> Note that if recorded personal information which does not have an
> individual as
> its focus is not personal data, then this personal information will be
> accessible by
> any applicant under FOI rules (i.e. subject to an FOI exemption).
> However, because
> of the nature of public sector work, there is a very often a duty of
> confidence
> towards the individuals in connection with their interaction with a
> public authority.
> In most cases, recorded information about that individual
> which is owed
> on duty
> of confidence will be personal data.
>
> But let us suppose that there is a class of personal information which
> is about an
> individual, but which nevertheless does not qualify as personal data,
> and the
> individual concerned is owed a duty of confidence. In such a case, an
> applicant for
> information under FOIA who is not the individual to whom the duty of
> confidence
> is owed can expect to find the exemption which relates to
> confidentiality being
> applied to bar access.
>
> But this exemption is not available to the public authority where the
> applicant is
> the individual who is the subject of the information - it
> will not be a
> breach of
> confidentiality to disclose confidential information about
> the applicant
> to the
> applicant.
>
> In other words, under FOIA an applicant who is an individual
> the subject
> of the
> information will gain access to all his personal information,
> subject to
> the
> application of relevant exemptions. But we do not expect any
> confidential
> information about individuals to leak into the public domain
> as a result
> of an FOI
> right of access to information.
>
> Does FOI create a gap?
>
> In the case of public authorities, there are concerns that personal
> information
> which pre-Durant could have been considered to be personal data, could
> become
> subject to disclosure in response to a FOI request from any applicant.
>
> Take the minutes of a public authority meeting, which name the
> individuals
> attending and the decisions they were involved with - and suppose for
> simplicity
> that the decisions do not relate to another individual (i.e.
> we are not
> dealing with
> a decision such as one to suspend Joe Soap from work, or to pay Jim
> Smith an
> extra five hundred pounds). Suppose the minutes state that
> "Fred Bloggs
> attended
> a meeting at which it was decided to buy cement from the
> Barnsley Cement
> Company" and this is followed by details of the cement order.
>
> In our view, a recorded name concerning a living individual in this
> context amounts
> to personal data (and there could be other bits of information about
> Fred set out
> in the minutes which will be his personal data). The data protection
> interface could
> be applied to the name (and any other personal data); this
> could result
> in the name
> being redacted.
>
> This is not the result achieved by following the OIC's advice (with
> which we
> disagree). He has gone on the record to say that "Where an
> individual's
> name
> appears in information the name will only be personal data where its
> inclusion in
> the information affects the named individual's privacy" and that "mere
> reference
> to a person's name where the name is not associated with any other
> personal
> information" is not "normally" personal data".
>
> On that basis the names of officials could be released to applicants
> because they
> would not be personal data of the individuals so named and therefore
> exempt
> under the FOI rules.
>
> The argument, based on the this advice, would be as follows. Consider
> the court's
> test to determine whether there are personal data about Fred
> Bloggs. To
> be
> personal data, the data have to focus on a specific
> individual (NO - the
> focus of
> the data is on a cement order), and have to contain
> information which is
> "biographical in a significant sense" (NO - the data are
> about a cement
> order and
> mention of Fred Bloggs in conjunction with the order is an incidental
> factor). Do
> the data comprise information that "affects his privacy, whether his
> personal or
> family life, business or professional capacity?". If there is
> no special
> significance in
> Fred Bloggs being mentioned in conjunction with the order, then the
> answer is
> "no". It follows that the there is no reason founded in data
> protection
> why the
> name of the individual making the order should not be released.
>
> Of course, where there are reasons why the information about who made
> the
> order or who was present when the decision was taken, is significant
> (e.g. because
> Mrs Bloggs owns shares in the Barnsley Cement Company), such that the
> information could impact on Fred's privacy, then the information about
> who made
> the decision is personal data. The circumstances will need to
> be tested
> in each
> case.
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Watson, Patrick
> Sent: 08 September 2004 08:28
> To: [log in to unmask]
> Subject: Re: Interaction between DPA and FOI
>
>
> The point that I am trying to clarify is whether chronologically
> maintained manual personnel files escape disclosure under both the DPA
> and FOIA. When I put this to OIC I was told that chronologically
> ordered manual personnel files did not meet the definition of
> a relevant
> filing system and were not disclosable. I then asked whether a data
> subject could access this same personnel file under FOIA and
> was told no
> as it contained personal data. The OIC cannot have it both ways.
>
> There is no doubt that manual personnel files are crammed full of
> personal data and this makes the Durant decision illogical. Personnel
> files probably hold more personal data than any other file in the
> organisation and current and former staff will find bizarre that they
> cannot get any form of access to it under DPA or FOIA. Have we got a
> situation that excludes this employment area from any
> effective scrutiny
> by data subjects.
>
> Patrick
>
> -----Original Message-----
> From: DREW Nic [mailto:[log in to unmask]]
> Sent: 07 September 2004 15:32
> To: [log in to unmask]
> Subject: Re: [data-protection] Interaction between DPA and FOI
>
>
> FOIA introduces a new category of data (category e ) into the DPA, but
> only for public authorities. This category will widen access
> to personal
> data,that Durant might have prevented, but has an exemption for access
> to personnel data. See sections 68 and 69 of the FOIA.
>
> Nic
>
> -----Original Message-----
> From: Watson, Patrick [mailto:[log in to unmask]]
> Sent: 07 September 2004 10:56
> To: [log in to unmask]
> Subject: Interaction between DPA and FOI
>
> Can colleagues help me to clarify some issues relating to the
> interaction between data protection and FOI. Many manual files
> including personnel files do not meet the Court of Appeal (Durant)
> definition of a relevant filing system and are therefore not
> disclosable
> under the subject access provisions of the DPA. If a file is not
> considered to be personal data then what access is there to
> this file by
> the data subject through FOI?
>
> Thanks
>
> Patrick
>
> Email has been scanned by www.emf-systems.com for viruses and SPAM
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Email has been scanned by www.emf-systems.com for viruses and SPAM
>
> Email has been scanned by www.emf-systems.com for viruses and SPAM
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ______________________________________________________________
> __________
> ____________________________
> This e-mail has been scanned for all viruses by Star Internet using
> MessageLabs SkyScan services. For more information visit:
> www.star.net.uk.
> ______________________________________________________________
> __________
> ______________________________
>
>
> We are delighted to announce that Masons has been shortlisted
> for recognition in this year's LOTIES Awards (Legal Office
> Technology Innovation Awards).The annual awards are organised
> by In Brief Magazine. We would be grateful if you would take
> five minutes to vote for us!
>
> Voting closes on 22nd October. Please visit
> www.masons.com/php/page.php?page_id=eloties4400 for further details
>
>
> If you have received this e-mail in error, do not use the
> contents of the e-mail or disclose it to any other person.
> Please notify us by reply, or telephone our London office on
> +44 (0) 20 7490 4000, and then delete the e-mail. We believe,
> but do not warrant, that this e-mail and its attachments are
> virus-free, but you should check. Masons may monitor traffic
> data of both business and personal e-mails. By replying to
> this e-mail, you consent to Masons' monitoring the content of
> any e-mails you send to or receive from Masons. Masons is not
> liable for any opinions expressed by the sender where this is
> a non-business e-mail.
>
> Masons is an international law firm with offices in London,
> Bristol, Edinburgh, Glasgow, Leeds, Manchester, Brussels,
> Hong Kong and Shanghai. Further information about the firm
> and a list of partners are available for inspection at 30
> Aylesbury Street, London EC1R 0ER or from our web site at
> www.masons.com. Each of our offices is regulated by the
> relevant local law society.
>
> This e-mail has been scanned for all viruses by Star Internet
> using MessageLabs SkyScan services. For more information
> visit: www.star.net.uk.
> ______________________________________________________________
> ___________________________
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|