News5 mins ago
Data Protection Act
Where can I find some information (for a non-lawyer) about this? I am finding it increasingly irksome that the act is being brandished about right left and centre, inappropriately I am sure, and I bet it is not being quoted to protect the parties Parliament intended to protect!
Answers
Best Answer
No best answer has yet been selected by vittoria. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.Have you looked at dataprotection.gov.uk, the Information Commissioner's site, comprehensive and easy to understand. There's a wealth of info out there of course, but are you looking for anything specific? Being a legal bod in a financial services company, the DPA is one of many pieces of legislation I have the (dis)pleasure of knowing inside out, so will help if you give me more info as to precisely what you want to know.
Thank you Miss Zippy; will look at site; well, to try and explain what I want to know I will give you two recent examples from the papers. One item in The Times said that a child was injured in a nursery; to cut a long story short, the parents wanted to know what had happened but Ofsted (and the nursery itself of course) refused to disclose it citing their duty to the nursery, the Human Rights Act and the Data Protection Act. Also recently an article in the Evening Standard (Homes & Property section) said that where in a block of flats some residents refuse to pay the cost of things like maintenance work etc, you cannot name & shame because of the DPA. These are just a couple of examples. I suppose it can't have been the intention of Parliament in passing the act, to protect negligent nurseries and leaseholders who put a spanner in necessary maintenance works. I get the impression the Act is being waved around by all sorts of "chancers" if you see what I mean. So I am only looking to get a feel for what the act actually says and does. I should add that I am two thirds of the way through a p/t law degree, but I have not come across the Act yet, but this is another reason why I am interested in the law. Many thanks for your help.
(a) To cut a long story short, there are eight principles under the DPA that data controllers (people who collect and process personal information) must adhere to. These include things like only collecting as much personal data on an individual as you actually need for the purpose in question (e.g if a data controller only needs an individual's name and address for a certain purpose, he or she might find it difficult to justify to the information commissioner why they also have information on that person's employment/income/health etc etc.), only keeping that information for a reasonable period and keeping it confidential. The Act also gives individuals the right to ask for a Subject Access Request, from anyone who holds information about them and who is subject to the Act, whether it be your bank, doctor, employer etc. Obviously, you can only request details of information held relating to you and not anyone else. Data controllers are obliged to withhold any information identifying another individual, unless that individual consents to such disclosure. If a data controller discloses info relating to another individual, they risk getting sued (s.13(1)). Hence, in the examples you mention, the information could not be disclosed. There is little case law around at the moment to help us see how the courts are interpreting the Act, but this is probably because the Act only came into effect in 2000. Hope that helps a bit. Good luck in your studies, sounds like you're through the worst bit! I'm sure you'll find it's a really useful and marketable qualification to have.
Many thanks Miss Zippy, what you say helps to clarify the situation; I must say I don't like the little that I know about the DPA. It encourages secrecy, but secrecy is not good for democracy. This Act will make it more difficult for people to "have their day in Court". For ex, without information about the accident, the injured child's family cannot make an informed decision as to whether they have a case to sue the nursery or how good that case is. This cannot be right. Another thing: I have found time and again that the Courts do not take kindly to those who try to use them to cover up dodgy dealings et similia. As you say, we have to wait for some judicial decisions.
Personal data can be exempt from the non-disclosure provisions of the DPA if the disclosure is necessary to enable a third party to seek legal advice and/or bring or defend legal proceedings. Even then, a data controller is not obliged to disclose the information in question. Problem is, data controllers will often not be in a position to know whether the necessity test can be met or not, the result being that the requesting party will have to obtain a court order for disclosure. I was a personal injury litigator for three years (acting for claimants) and in that time I only ever had to obtain a court order once where the defendant was citing DP obligations as a reason for not disclosing, although that was probably more down to the fact that data controllers were oblivious to their DP obligations, rather than because they wanted to be seen to be co-operating!