I would point out that both FoI and the DPA are generally operated in
organisations without a legal department - and in which in my experience
won't obtain external legal advice except in special circumstances.
Therefore it is necessary that both Acts be capable of clear understanding
by non-lawyers.
Otherwise, in my opinion, both Acts - particularly the FoI - would be
unworkable.
Nick Landau
----- Original Message -----
From: "Andrew Charlesworth" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, May 26, 2006 5:58 PM
Subject: Re: [data-protection] Employee SAR
> In strict post-Durant terms, the information you were asking for from the
> Council, by your own definition below, does not seem to be "personal data"
> (i.e. about you). As the Court in Durant said, when determining whether
> data is personal data, data controllers should have regard to:
>
> "whether the information is biographical in a significant sense that is,
> going beyond the recording of [the individual's] involvement in a matter
> or an event which has no personal connotations."
>
> "The information should have the [individual] as its focus rather than
> some other person with whom he may have been involved or some transaction
> or event in which he may have figured or have had an interest."
>
> As such the information about the rubbish collection at your block of
> flats is probably not "about you" in the same way as the FSA's materials
> on Mr Durant's case were not "about him", and the s.40 exemption would
> thus not apply. In other words your assertion that you were an individual
> requesting "information about him or herself" is by your own earlier
> description, factually incorrect. You were more accurately an individual
> who figured in, or had an interest in, some transaction or event (or by
> the sound of things, possibly failed transaction or non-event) that was
> the focus of the information.
>
> In guidance terms, therefore, I would suggest that the statement is
> acceptable as a statement of policy i.e. if the data requested is
> personal data (i.e. "about him or herself"), the appropriate regime to
> handle it under is that of the DPA 1998; if it is not personal data then
> the appropriate regime is the FOIA 2000.
>
> While I would be just about prepared to concede (it is Friday, after all)
> that the quotation provided from the Legal Briefing Paper* might be
> considered ambiguous when viewed in isolation, in the context of the rest
> of the content of the webpage, including the discussion of Durant, it is
> not.
>
>
> Best wishes
>
> Andrew
>
> * In the interests of full disclosure, I suppose I should note, for those
> who haven't read it, that I wrote the majority of the document in
> question.
>
>
>
>
> --On 26 May 2006 11:57 +0100 Nick Landau <[log in to unmask]> wrote:
>
>> See http://www.jisclegal.ac.uk/dataprotection/dataprotection.htm
>>
>> I query the statement in the Legal Briefing Paper that:
>>
>> "A request by an individual for information about him or herself is
>> exempt under the FOIA 2000 and should be handled as a 'subject access
>> request' under the DPA 1998."
>>
>> I have mentioned before that I requested all the papers held by my
>> Council about the rubbish collection at my block of flats. As this was a
>> case concerning myself and I wanted the emails/correspondence that
>> mentioned me I specifically said that they should mention my name. I
>> agree that this might have been unnecessary - but I wanted to focus the
>> enquiry and the case mainly concerned myself.
>>
>> I therefore dispute that it might have been considered a DPA request. I
>> wasn't asking for records on a database concerning myself - these were ad
>> hoc emails - but in the terms of the statement above I was an individual
>> requesting "information about him or herself".
>>
>> I would comment specifically about Simon's request that the requester has
>> the right to change or at least comment on incorrect information.
>>
>> I would presume that where a 3rd party is mentioned that their name might
>> be withheld (this is not my specialised area!) - as per the Freedom of
>> Information Act - this does seem to be an area that might be helpfully
>> clarified on the Information Commissioner's website.
>>
>> Nick Landau
>
>
>
>
> Andrew Charlesworth
> Senior Research Fellow in IT and Law
> Director, Centre for IT and Law
> School of Law/Department of Computer Science
> University of Bristol
> Wills Memorial Building
> Queens Road, Bristol BS8 1RJ
>
> Tel: 0117 954 5633 (CompSci)
> Fax: 0117 954 5208 (CompSci)
> E-mail: [log in to unmask]
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|