Data Protection Act - Essay Example

Data Protection Act The Data Protection Act (DPA) is an act which provides the legal foundation for the dealing with and managing information pertinent to living people. It is the primary piece of legislation that rules over the protection of personal data. Even though the Act does not refer to privacy, in practice it provides a method in which individuals could put into effect the control of information about themselves. Most of the Act does not relate to domestic use, 1 for instance keeping a personal address book. Organizations on the other hand are legally obliged to meet the terms of this Act, subject to several exemptions. Observance of the Act is imposed by a sovereign government authority, the Information Commissioners Office (ICO). The ICO maintains direction pertinent to the Act.2 The Act characterizes eight principles of information-handling practice. The Data Protection Act is considered an immense Act that has a status for difficulty.3 At the same time as the fundamental principles are honored for the protection of privacy, understanding the act is not all the time simple. Numerous companies, organizations and individuals appear hesitant of the aims, substance and even principles of the DPA. Some hide behind the Act and rebuff to give even very indispensable, publicly accessible material referencing it to the Act as a restriction.4 1 For more information refer to the Data Protection Act (1998). Part IV (Exemptions), Section 36, Office of Public Sector Information. 2 For a more detailed account on this area, see The Data Protection Act. (2007). Office of the Information Commissioner. 3Bainbridge, D. (2005) provides a more detailed discussion of the Introduction to Computer Law - Fifth Edition, p. 430. 4 See Data Protection myths and realities. (2007). Information Commissioners Office. The act also impacts the manner in which organizations carry out business in terms of who can be contacted for marketing purposes, not only through telephone and direct mail, but also by electronic means and resulted the improvement of permission which has its basis referenced to marketing strategies. Freedom of Information Act 2002 The Scottish Parliament enacted the Freedom of Information (Scotland) Act 2002 (the Scottish Act) was on 24 April 2002 and received Royal consent on 28 May 2002. The Scottish Act provides a new general constitutional right of access to all types of recorded information of any age in the custody Scottish public authorities. The UK Act does is not applicable to public authorities covered by the Scottish legislation. On the other hand, the Scottish Act does not taken into account and cover the UK government departments functioning in Scotland as well across-border public authorities (for example the Ministry of Defence and the Forestry Commission). These institutions and authorities are covered by the UK Act. The Scottish Act is only applicable to public authorities and not to private entities. Public authorities are, on the other hand, generally described in the Scottish Act, and comprise not only Local Authorities, NHS Scotland, the Scottish Executive and its agencies, the Police and the Scottish Parliament, but also schools, colleges and universities. Private entities like that of spin-off companies, which are completely under the ownership of a public authority would also be covered by the Scottish Act. The Scottish Information Commissioner (the Scottish Commissioner) imposes the Scottish Act. The Scottish Commissioner is a new office that is sovereign of the office of the UK Information Commissioner (the UK Commissioner). The UK Commissioner has the accountability for carrying out and imposing the UK Act in England, Wales and Northern Ireland, as well as for the implementation of the Data Protection Act 1998 throughout the entire of UK, taking in Scotland. In turn, the Scottish Commissioner does not have accountability for implementing data protection legislation. The Publication Scheme As public authorities, Scottish FE and HE institutions are necessitated to assume and uphold publication schemes, which should be given approval by the Scottish Commissioner. Such schemes should insitute5: The classes of information the organization publishes The manner in which the information is put into print Details of any charges The Scottish Act does not provide a definition of what a class ought to include, leaving it up to public authorities to generate their own outline and context. The Scottish Executive Freedom of Information Implementation Group has emphasized in their paper on publication schemes that the UK Commissioner has published extensive regulation pertinent to the groundwork and substance of publication schemes that are to be prepared as contained in the UK Act, and that the Scottish Commissioner would also arrange counsel in due course. 5See Charlesworth, A. (2003). Freedom of Information Act 2002: Implementation & practice (Scotland). The UK Commissioners guidance on this issue for the UK Act is enclosed in a text entitled Publication Schemes: Guidance and Methodology. Provided with the varying nature of the different public authorities, this regulation is essentially somewhat general. On the other hand, several key points could be pointed out6: A general description of a class is a group of information possessing one or more familiar characteristics Including a class of information in a scheme consigns the public authority to publishing the information that could be found in it A class would contain as much or as little information as it describes - for instance, a class could be comprised of a single document A clear class characterization is recommended to guarantee that information that could be taken into account to fall within the class, but which the public authority deems should be excused, is evidently demonstrated to be disqualified from the class There is no prearranged manner of publication for material characterized in the publication scheme. That is provided that the public authority has indicated that it would put into print definite information, on the other hand, it should also indicate the form in which it plans to publish the information. Considering the Scottish Act there are no agreed charges for information included in a public authoritys publication scheme. 6See Charlesworth, A. (2003). Freedom of Information Act 2002: Implementation & practice (Scotland). A public authority could decide not to incriminate for any information, to charge for all of it, or to charge for selected information. The publication scheme does not need to institute precise charges, simply to designate which material would be subject to charges. The Scottish Act mainly goes in accordance with the UK Act, pertinent to the nature of publication schemes, but varies in relation to the public interest test that the public authority should reflect on when evaluating the content of its publication scheme. The Scottish Act openly pertains to two categories of information where Scottish public authorities should focus their attention to the public notice5: Information pertinent to the provision of services by a public authority, the cost to a public authority of providing them or the standards attained by services so provided Information that is comprised of facts, or analyses, on the foundation of which decisions of meaning to the public have been prepared by a public authority The Freedom of Information (Scotland) Act impact on Data Protection Issues The earliest Court of Session case on the Freedom of Information (Scotland) Act 2002 concluded in victory for the Scottish Information Commissioner, Kevin Dunion, on 1 December 2006.  The case is Common Services Agency v Scottish Information Commissioner [2006] CSIH 587.  7McQueen, H. L and Wortley, S. (2006). FoI wins over Data Protection. Scotland News. The Agency had been called for to supply the information regarding the documented incidence of childhood leukemia in Dumfries and Galloway from 1990 to 2003, on the otherhand the agency refused providing the information it has on the basis that the data contained information from which individuals could be identified, and so, in terms of the Data Protection Act 1998, was excused from the FoI condition.  The total number of childhood leukemia cases for the time interval provided was 15 and this, together with the information concerning the location of each case in Dumfries and Galloway, translated to the fact that every victim could be determined provided with a little more exploration by the inquirer (an MSP’s subordinate).  The main inquiry then was the data protection one, whether data altered in protection of individual privacy could nevertheless itself be personal data which should not be revealed.  The First Division came in after Durant v Financial Services Authority [2003] EWCA Civ 1746 and maintained that the altered content was not personal data of whichever individual child, because it did not included any biographical detail; their confidentiality would not be breached by FoI disclosure.  Whereas this translates to the fact that the court considered a constricted approach to the conditions of data protection, it also took a considerably extensive approach to the FoI ones. In this case the weight of which act would prevail depends on the significance it poses as well as its overall impact. References: Bainbridge, D. (2005). Introduction to Computer Law - Fifth Edition. Pearson Education Limited. Charlesworth, A. (2003). Freedom of Information Act 2002: Implementation & practice (Scotland). Centre for IT and Law, University of Bristol. Data Protection Act (1998). Part IV (Exemptions), Section 36, Office of Public Sector Information. Data Protection myths and realities. (2007). Information Commissioners Office. McQueen, H. L and Wortley, S. (2006). FoI wins over Data Protection. Scotland News. The Data Protection Act. (2007). Office of the Information Commissioner. Read More