JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for DATA-PROTECTION Archives

DATA-PROTECTION Archives

DATA-PROTECTION Archives


data-protection@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font
LISTSERV Archives

LISTSERV Archives
DATA-PROTECTION Home

DATA-PROTECTION Home
DATA-PROTECTION 2004

DATA-PROTECTION 2004

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

 Log In

Log In

 Get Password

Get Password

Subject:

Re: Interaction between DPA and FOI

From:

Ian Welton <[log in to unmask]>

Reply-To:

Ian Welton <[log in to unmask]>

Date:

Wed, 8 Sep 2004 15:29:01 +0100

Content-Type:

text/plain

Parts/Attachments:
Parts/Attachments

text/plain (399 lines) 

In my opinion it would have been far simpler to rely on an 'acting in a
public capacity' type argument, which could have been simpler and more
flexible in the relevant area without creating the additional difficulties
of finely re-focusing the personal data definition in all spheres.

But then I suppose that public servants who may have wished to maintain
their 'organisational privacy' by using posts or numbers instead of names,
would have increased the depersonalisation of social groups and caused much
personal responsibility/accountability to be lost.  

Although the current situation could be seen to remove some personal
responsibility/autonomy from the shoulders of data controllers and certainly
within the private sector does seem to have wider affect.  Simpler than a
separate private sector DPA, and, if one is to believe most corporate
publicity, private sector organisations are far less likely to abuse data
subjects privacy rights when protecting the corporate assets.

Contentiousness and Employment laws/RIPA aside, scepticism must creep in
when a complete area of a widely protective mechanism is removed without
public discussion or consultation.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of 
> Pounder Chris
> Sent: 08 September 2004 12:48
> To: [log in to unmask]
> Subject: Re: Interaction between DPA and FOI
> 
> 
> The contents of this e-mail are confidential and may be 
> privileged. Please refer to the notice at the foot of this 
> e-mail before reading any further.
> 
> 
> 
> I enclose a section of our newsletter on the Durant case which dealt
> with this. 
> 
> TEXT BEGINS
> 
> FOI and the right of access by anybody
> 
> For public sector bodies only, the Freedom of Information (FOI)
> legislation adds a
> further layer of complication, in that all recorded personal 
> information
> with an
> individual as its focus, irrespective of structure, will be personal
> data and subject
> to the right of access and correction by the individual 
> concerned (from
> January
> 2005, when the FOI legislation comes fully into force for 
> most UK public
> authorities).
> 
> All information held by a public authority will, subject to an
> exemption, also be
> accessible either via the 1998 Act or under FOIA. This is how it will
> work.
> The FOIA enacted by the Westminster Parliament modifies the definition
> of "data"
> under section 1 of the 1998 Act so that "data" now covers all recorded
> information held by a public authority, whether electronically or on
> paper, while
> "information" under section 84 of FOIA must also be recorded
> information. So as
> soon as FOIA is in force, "data" under the 1998 Act will also be
> "information"
> under FOIA and vice-versa.
> 
> Recorded information which is not personal data under the 
> 1998 Act will
> nevertheless be information under FOIA, so any recorded 
> information held
> by a
> public authority must either be accessible via the 1998 Act or under
> FOIA (subject
> to exemptions, of course). The Scottish FOIA works in the same way.
> Note that if recorded personal information which does not have an
> individual as
> its focus is not personal data, then this personal information will be
> accessible by
> any applicant under FOI rules (i.e. subject to an FOI exemption).
> However, because
> of the nature of public sector work, there is a very often a duty of
> confidence
> towards the individuals in connection with their interaction with a
> public authority.
> In most cases, recorded information about that individual 
> which is owed
> on duty
> of confidence will be personal data.
> 
> But let us suppose that there is a class of personal information which
> is about an
> individual, but which nevertheless does not qualify as personal data,
> and the
> individual concerned is owed a duty of confidence. In such a case, an
> applicant for
> information under FOIA who is not the individual to whom the duty of
> confidence
> is owed can expect to find the exemption which relates to
> confidentiality being
> applied to bar access.
> 
> But this exemption is not available to the public authority where the
> applicant is
> the individual who is the subject of the information - it 
> will not be a
> breach of
> confidentiality to disclose confidential information about 
> the applicant
> to the
> applicant.
> 
> In other words, under FOIA an applicant who is an individual 
> the subject
> of the
> information will gain access to all his personal information, 
> subject to
> the
> application of relevant exemptions. But we do not expect any
> confidential
> information about individuals to leak into the public domain 
> as a result
> of an FOI
> right of access to information.
> 
> Does FOI create a gap?
> 
> In the case of public authorities, there are concerns that personal
> information
> which pre-Durant could have been considered to be personal data, could
> become
> subject to disclosure in response to a FOI request from any applicant.
> 
> Take the minutes of a public authority meeting, which name the
> individuals
> attending and the decisions they were involved with - and suppose for
> simplicity
> that the decisions do not relate to another individual (i.e. 
> we are not
> dealing with
> a decision such as one to suspend Joe Soap from work, or to pay Jim
> Smith an
> extra five hundred pounds). Suppose the minutes state that 
> "Fred Bloggs
> attended
> a meeting at which it was decided to buy cement from the 
> Barnsley Cement
> Company" and this is followed by details of the cement order.
> 
> In our view, a recorded name concerning a living individual in this
> context amounts
> to personal data (and there could be other bits of information about
> Fred set out
> in the minutes which will be his personal data). The data protection
> interface could
> be applied to the name (and any other personal data); this 
> could result
> in the name
> being redacted.
> 
> This is not the result achieved by following the OIC's advice (with
> which we
> disagree). He has gone on the record to say that "Where an 
> individual's
> name
> appears in information the name will only be personal data where its
> inclusion in
> the information affects the named individual's privacy" and that "mere
> reference
> to a person's name where the name is not associated with any other
> personal
> information" is not "normally" personal data".
> 
> On that basis the names of officials could be released to applicants
> because they
> would not be personal data of the individuals so named and therefore
> exempt
> under the FOI rules.
> 
> The argument, based on the this advice, would be as follows. Consider
> the court's
> test to determine whether there are personal data about Fred 
> Bloggs. To
> be
> personal data, the data have to focus on a specific 
> individual (NO - the
> focus of
> the data is on a cement order), and have to contain 
> information which is
> "biographical in a significant sense" (NO - the data are 
> about a cement
> order and
> mention of Fred Bloggs in conjunction with the order is an incidental
> factor). Do
> the data comprise information that "affects his privacy, whether his
> personal or
> family life, business or professional capacity?". If there is 
> no special
> significance in
> Fred Bloggs being mentioned in conjunction with the order, then the
> answer is
> "no". It follows that the there is no reason founded in data 
> protection
> why the
> name of the individual making the order should not be released.
> 
> Of course, where there are reasons why the information about who made
> the
> order or who was present when the decision was taken, is significant
> (e.g. because
> Mrs Bloggs owns shares in the Barnsley Cement Company), such that the
> information could impact on Fred's privacy, then the information about
> who made
> the decision is personal data. The circumstances will need to 
> be tested
> in each
> case.
> 
> 
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Watson, Patrick
> Sent: 08 September 2004 08:28
> To: [log in to unmask]
> Subject: Re: Interaction between DPA and FOI
> 
> 
> The point that I am trying to clarify is whether chronologically
> maintained manual personnel files escape disclosure under both the DPA
> and FOIA.  When I put this to OIC I was told that chronologically
> ordered manual personnel files did not meet the definition of 
> a relevant
> filing system and were not disclosable.  I then asked whether a data
> subject could access this same personnel file under FOIA and 
> was told no
> as it contained personal data. The OIC cannot have it both ways.
> 
> There is no doubt that manual personnel files are crammed full of
> personal data and this makes the Durant decision illogical.  Personnel
> files probably hold more personal data than any other file in the
> organisation and current and former staff will find bizarre that they
> cannot get any form of access to it under DPA or FOIA.  Have we got a
> situation that excludes this employment area from any 
> effective scrutiny
> by data subjects.
> 
> Patrick
> 
> -----Original Message-----
> From: DREW Nic [mailto:[log in to unmask]]
> Sent: 07 September 2004 15:32
> To: [log in to unmask]
> Subject: Re: [data-protection] Interaction between DPA and FOI
> 
> 
> FOIA introduces a new category of data (category e ) into the DPA, but
> only for public authorities. This category will widen access 
> to personal
> data,that Durant might have prevented, but has an exemption for access
> to personnel data. See sections 68 and 69 of the FOIA.
> 
> Nic
> 
> -----Original Message-----
> From: Watson, Patrick [mailto:[log in to unmask]]
> Sent: 07 September 2004 10:56
> To: [log in to unmask]
> Subject: Interaction between DPA and FOI
> 
>         Can colleagues help me to clarify some issues relating to the
> interaction between data protection and FOI.  Many manual files
> including personnel files do not meet the Court of Appeal (Durant)
> definition of a relevant filing system and are therefore not 
> disclosable
> under the subject access provisions of the DPA.  If a file is not
> considered to be personal data then what access is there to 
> this file by
> the data subject through FOI?
> 
> Thanks
> 
> Patrick
> 
> Email has been scanned by www.emf-systems.com for viruses and SPAM
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Email has been scanned by www.emf-systems.com for viruses and SPAM
> 
> Email has been scanned by www.emf-systems.com for viruses and SPAM
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> ______________________________________________________________
> __________
> ____________________________
> This e-mail has been scanned for all viruses by Star Internet using 
> MessageLabs SkyScan services. For more information visit:
> www.star.net.uk.
> ______________________________________________________________
> __________
> ______________________________
> 
> 
> We are delighted to announce that Masons has been shortlisted 
> for recognition in this year's LOTIES Awards (Legal Office 
> Technology Innovation Awards).The annual awards are organised 
> by In Brief Magazine. We would be grateful if you would take 
> five minutes to vote for us!
> 
> Voting closes on 22nd October. Please visit
> www.masons.com/php/page.php?page_id=eloties4400 for further details
> 
> 
> If you have received this e-mail in error, do not use the 
> contents of the e-mail or disclose it to any other person. 
> Please notify us by reply, or telephone our London office on 
> +44 (0) 20 7490 4000, and then delete the e-mail. We believe, 
> but do not warrant, that this e-mail and its attachments are 
> virus-free, but you should check. Masons may monitor traffic 
> data of both business and personal e-mails. By replying to 
> this e-mail, you consent to Masons' monitoring the content of 
> any e-mails you send to or receive from Masons. Masons is not 
> liable for any opinions expressed by the sender where this is 
> a non-business e-mail.
> 
> Masons is an international law firm with offices in London, 
> Bristol, Edinburgh, Glasgow, Leeds, Manchester, Brussels, 
> Hong Kong and Shanghai. Further information about the firm 
> and a list of partners are available for inspection at 30 
> Aylesbury Street, London EC1R 0ER or from our web site at 
> www.masons.com. Each of our offices is regulated by the 
> relevant local law society.
> 
> This e-mail has been scanned for all viruses by Star Internet 
> using MessageLabs SkyScan services. For more information 
> visit: www.star.net.uk.
> ______________________________________________________________
> ___________________________
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>         http://www.jiscmail.ac.uk/help/commandref.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

April 2024
March 2024
February 2024
January 2024
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000
1999
1998


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

For help and support help@jisc.ac.uk

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager