JISCMail - DATA-PROTECTION Archives

Section 68 of the FOIA amends the DPA to include the new category of
data, known as category 'e' data. As such Durant is not relevant as it
applies to category 'c' data.

Nic Drew

-----Original Message-----
From: Graeme Hawley [mailto:[log in to unmask]] 
Sent: 04 January 2006 14:16
To: [log in to unmask]
Subject: DPA interface with FOISA

Hi there,

I suspect that this is old ground, but in trying to fathom out the
Durant 
thing in my mind, I came across this advice from the Scottish Executive 
about structured / unstructured data:

"16.2.3 New Category of Data

At present the DPA only covers personal data in computerised format and
in 
some limited types of manual records. It will be extended for public 
authorities subject to the FOISA to cover a new category of data. The
new 
category is "recorded information held by a public authority" which does

not fall within any of the other categories. This recorded information
is 
broken down into two types:

Structured - this is information structured by reference to individuals
or 
criteria relating to individuals but that does not fall within a
relevant 
filing system (key word Module 15) (i.e. specific information on 
individuals is not readily accessible). 
Unstructured - this is all other data and may include notebooks, files
not 
structured by reference to individuals, papers etc. 
The right of access will be extended to cover both types of this new 
category of information. The result will be that ALL recorded
information 
about individuals held by a public authority subject to the FOISA 
potentially will be covered by the DPA for the purposes of access by the

data subject and correction." (From FOISA Open Learning Workbook, Module
16)

The thing is, although ALL personal data is covered by FOISA, in the
event 
of a request for personal data it is likely to be exempt or to be
treated 
under the DPA.  Which seems to have a narrower definition of
unstructured 
personal data if the latest on Durant is anything to go by.  So, what is

the point of having a wider definition in the FOISA guidance??

Then... I think 'The UK verdict on Durant may still be overturned by the

EU, so should I operate under a broader definition of personal data on
the 
assumption that this will be the long term outcome?'

And besides - by aiming to be compliant with a wider definition, it 
hopefully increases the chances of complying fully with the minimum.

Any thoughts on my thoughts, or the Scottish Executive guidance, anyone?

Happy New Year
Graeme

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message is strictly confidential and intended for the person or organisation to whom it is addressed. If you are
not the intended recipient of the message then please notify the sender immediately. Any of the statements or comments
made above should be regarded as personal and not necessarily those of Cardiff & Vale NHS Trust, any constituent part
or connected body.

All e-mail sent to or from this address will be processed by Cardiff & Vale NHS Trust's Corporate e-mail system and
may be subject to scrutiny by someone other than the addressee.

Please be aware that, under the terms of the Freedom of Information Act 2000, Cardiff & Vale NHS Trust may be required
to make public the content of any emails or correspondence received. For further information on Freedom of Information,
please refer to the Cardiff & Vale NHS Trust website at www.cardiffandvale.wales.nhs.uk


Mae'r neges hon yn gyfrinachol. Os nad chi w'r derbynnydd y bwriedid y neges ar ei gyfer, byddwch mor garedig ÿ rhoi
gwybod i'r anfonydd yn ddi-oed. Dylid ystyried unrhyw ddatganiadau neu sylwadau a wneir uchod yn rhai personol, ac nid
o angenrhaid yn rhai o eiddo Ymddiriedolaeth GIG Caerdydd a'r Fro, nac unrhyw ran gyfansoddol ohoni na chorff
cysylltiedig.

Caiff pob e-bost a anfonir oÿr cyfeiriad hwn ei brosesu gan system e-bost Gorfforaethol Ymddiriedolaeth GIG Caerdydd
a'r Fro, a gallai gael ei archwilio gan rai ac eithrio'r sawl a anfonodd y neges.

Cofiwch fod yn ymwybodol ei bod yn bosibl y bydd disgwyl i Ymddiriedolaeth GIG Caerdydd a'r Fro roi cyhoeddusrwydd i
gynnwys unrhyw ebost neu ohebiaeth a dderbynnir, yn unol ag amodau'r Ddeddf Rhyddid Gwybodaeth 2000. I gael mwy o
wybodaeth am Ryddid Gwybodaeth, cofiwch gyfeirio at wefan Ymddiriedolaeth GIG Caerdydd a'r Fro ar
www.cardiffandvale.wales.nhs.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^