Data Protection: New Interpretation of the Data Protection Act
A restrictive interpretation of the Data Protection Act 1998 ("the Act") will limit subject access requests1. Businesses may welcome the Court of Appeal's judgment from Durant v FSA [2003], as it might make their obligations under the Act easier to fulfill.
The case of Michael John Durant v Financial Services Authority [2003] EWCA Civ 1746 - Court of Appeal focuses on the right of an individual to access his or her personal data held by an organisation. After a dispute with his bank, which involved the bank successfully applying an exemption which denied him the right of access to his data, Mr Durant complained to the Financial Services Authority ("FSA").
Although the FSA investigated his complaint, it did not reveal detailed information about its investigation to Mr Durant. The FSA made available documents in computerised format but refused him access to manual files, claiming that the information sought was neither "personal" nor part of a "relevant filing system". Mr Durant appealed.
The Court of Appeal held that:-
The purpose of the subject access provision is "...to enable [an individual] to check whether the data controller's processing... unlawfully infringes his privacy and, if so, to take such steps as the Act provides (i.e. blocking or rectification)... It is not an automatic key to any information, readily accessible or not of matters in which he may be named or involved."
Records that make reference to an individual are not necessarily "personal data";
The records must be relevant or proximate to the individual (i.e. significantly biographical or of which the individual was the focus of attention). In deciding on a case-by-case basis whether information falls within the Act, two factors are relevant:
"...Whether the information is biographical in a significant sense, that is, going beyond the recording of the putative data subject's involvement in a matter or event that has no personal connotations... ...information should have the the putative data subject as its focus rather than some other person with whom he may have been involved or some transaction event...In short, it is information that affects his privacy, whether in his personal or family life, business of professional capacity";
It is not sufficient that the records just relate to something in which the individual was involved;
The records must contain "information that affects [the individual's] privacy, whether in his personal or family life, business or professional capacity" - "It is likely in most cases that only information that names or directly refers to [a data subject] will qualify and "not all information retrieved from a computer search against an individual's name or unique identifier is personal data within the Act";
The definition of "relevant filing system" in relation to manual filing systems (i.e. paper-based) are those which are clearly structured, in a manner akin to computerised records, and within which the data must be readily accessible for reasons of practicality, easily identifying the fact that it contains personal data relating to the individual;
There must be clear warning to litigants that the Act: "...is not an automatic key to any information, readily accessible or not, of matters of matters in which he may be named or involved. Nor is to assist him...to obtain discovery of documents that may assist him in litigation or complaints against third parties."
The Court ruled that Mr Durant should not be given the documents requested as, "mere mention of the data subject in a document held by a data controller does not necessarily amount to his personal data".
Mr Durant is awaiting permission to challenge the Court of Appeal's ruling in the House of Lords.
Request by data subjects or individuals for the data that a company holds in relation to the individuals
If you require further information contact us.
Email: enquiries@rtcoopers.com
© RT COOPERS, 2005. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.
Dr Rosanna Cooper is a partner in RT Coopers Solicitors a law firm based in the City of London. The firm specialises in commercial and corporate law and has an outstanding reputation in areas such as intellectual property, data protection, biotechnology and pharmaceuticals.
Contact us at enquiries@rtcoopers.com. visit our website at http://www.rtcoopers.com
Related Articles:
Hard Disk Data Recovery
The computer is much like a moody fiance. You never know how it would react. Sometimes it is just fine, running at high speed and following your every command. But there are those days when you just wonder what is wrong. And then there are hard drive crashes. Its sickening to even think of them. Have you seen someone whose hard drive has just crashed? You should because if you see, you would not want to be in his shoes. Suddenly at the stroke of a second, all data that you have stored over the months and years, all files are gone ? they are wiped and your slate goes clean. But there is something that is even more horrific that this. And that is a hard disk data recovery service.
Computers: Where To Go For Data Recovery
All computer owners out there know that hard drives can and probably will fail at some point in time. Even though hard drives are built to last and withstand a lot of things, crashes are something that hard drives don?t handle well. Although the loss of data is something to be expected - data recovery ensures that your hard drive doesn?t fail you when you need it the most.
Data Protection Services Teams with Server Armory
Data Protection Services (DPS), the leading provider of online backup and disaster recovery solutions to companies and organizations throughout the United States and Canada, today announced a teaming agreement with Server Armory, a regional data center serving the southeast United States. Server Armory will provide hosting, server colocation, and other managed security and network services at the DPS Hammond, LA facility.
Computers: Tips For Data Recovery
Anytime your hard drive crashes or you lose your data, you?ll need to turn to data recovery to properly restore your information. Data recovery is something most computer users are familiar with, as a majority of us have had to turn to data recovery at some point in time. Even though hard drives are becoming better and better, they are still mechanical and will always encounter problems.
Beyond Hackers and Viruses: Wake up to Overlooked Computer Security Threats
New white paper "How to Avoid a Data Disaster: Computer Security for Service Contractors" details the realities of computer failure and what it could mean for your business.
Atlanta Real Estate Website Launches New Home Search Technology & Design
Realsourcebrokers.com has an unprecedented new home search tool that provides information on Atlanta homes for sale and homes sold. The search feature, called Market Watch, uses data from the First Multiple Listings Service to calculate market sales averages every time listings are displayed. It also displays the latest numbers on local homes for sale, sales pending, and homes sold within the past week. RealSourceBrokers.com is also featuring a new custom design and rebranding by Real Estate Webmasters.
Safend Joins Security Panel at SecureWorld Expo 2007 Offering Insight on Endpoint Vulnerabilities and Data Protection
Safend's Jack Cox to participate in panel discussion addressing threats to endpoint data security. The panel will examine solutions to threats presented by USB drives, email, IM, VoIP, spyware, and keyloggers.
Data Recovery Services & Solutions
Data recovery services & solutions are required when computer users are no longer able to connect to there data under normal operating conditions. Causes of such failures can be broken down into four main categories.
Business Continuity and Disaster Recovery - The Business Continuity and Disaster Recovery Plan
Essentially, the plan addresses the who, what, where, why and when of recovery. Goal number one is to reduce the risk profile of the business.
Computer Security - Startling Facts.
Working on the Internet provides Internet marketers with the opportunity to make a living in the comfort of their own home. Computer Security includes threats such as viruses, identity theft, spyware, adware to name but a few. The latest statistics show that at least over 900 new viruses are created each month which makes keeping track of them really quite difficult. This article would cover three (3) subtopics namely: The Internet, Spyware and Antivirus.