Data Protection - Accessing Personal Data - Spring 2004
01 April 2004
As a new piece of legislation which has not been in force long, the Data Protection Act 1998 has been a source of anxiety for businesses and employers due to the lack of clarity surrounding obligations under the Act. Not many cases have made it to court and so there is a dearth of legal precedent on which to base best practice.
Of particular concern to businesses has been the ominous data subject access request. Guidance from the Information Commissioner so far has been that an individual’s request for information held on that individual, employee or client, should trigger an all-encompassing search through company records and that the individual is entitled to copies of all information identifying them. Taking a cautious and exhaustive approach in providing all data referring to the individual subject has been the normal routine in the face of a request. This has meant that documents including board minutes, internal memoranda and emails have been provided to fend off any accusation of non-compliance with the Act. This is an onerous and expensive task, particularly when the fee payable for the request is generally no more than £10.
Practitioners in the field have therefore waited eagerly for the decision on Durant v Financial Services Authority [2003]. This case dealt precisely with the question of what constituted ‘personal data’ and what ought to be disclosed under an access request. Mr Durant requested records from his bank and asked the regulator, the FSA, to assist him. The FSA made its investigation then closed its file without reverting to Mr Durant because of its confidentiality duties under the Banking Act 1987. Mr Durant therefore made access requests of the FSA which provided only some of the data held. Crucially, it withheld documents held in paper filing systems claiming that these were not ‘personal’ to the individual.
The judge devised a test: the entitlement would extend only to information which is ‘biographical’ that is, there must be ‘personal connotations’ for the individual. Mere mention of the individual’s name will not now suffice. Any document, whether electronically held or within a structured manually held filing system, should be looked at in this way. Although still a document by document test, companies will be able to hold back far more than before.
This will allow businesses to breath a sigh of relief, finally some clarification in their favour has arrived.
Related Documents
- Business Spring 2004
File size: 179 KB
Date published: 29/11/2007
‹ Back
Please call 0845 603 10 57 to speak to a member of our team
- Services for Business
- Services for Individuals
- › Residential Property
- › French Property Law
- › Family Law Kent
- › Family Mediation
- › Civil Partnerships
- › Personal Injury Claims
- › Professional Negligence
- › Wills, Tax and Estate Planning
- › Disputed Wills, Estates and Trusts
- › Estates and Trust Administration
- › Affairs of the Older Person
- › Notary Public
- › Financial Services for Individuals
- Pages recently added
- › Replacement Copies of Decree Absolute
- › Current Vacancies
- › Top Tips on French Laws of Succession
- › What to do when buying French Property
- › The Basics of Buying French Property
- › Trusts Legal Terms Explained
- › Inheritance Tax (IHT) Jargon Buster
- › Wills and Estate Planning Jargon Buster
- › Powers of Attorney Glossary
- › People Involved in Making a Will