Book contents
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
4 - The scope of the Data Protection Act
Published online by Cambridge University Press: 09 June 2018
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
Summary
Introduction
The UK Data Protection Act 1998's main functions are connected with access to data. However, there are other parts of the Act that need to be considered and these will be looked at in this chapter. Some of the issues examined will relate to definitions that have not already been mentioned in Chapters 2 and 3. Other topics will include parts of the Act which do not fit happily into any of the other chapters.
Credit reference agencies
It is assumed that a request made to a credit reference agency for data relates to the requester's financial standing. The request is made under section 7 of the Act, which relates to making a request and will be mentioned in Chapter 6. However, it is also covered by section 9 of the Act, which relates solely to these agencies, as other legislation such as section 159 of the Consumer Credit Act 1974 also has an effect on them. Do not forget that the timescale is different for supplying the data – seven days – and so is the fee, currently £2.50 (Data Protection (fees under section 19/7) Regulations 2000).
Right to stop processing
There are a number of issues under section 10 of the Act relating to processing. Firstly the requester can give notice that the data controller must
cease or not to begin, processing … any personal data in respect of which he is a data subject.
(DPA 1998, s. 10(1))Of course it would be necessary to prove that there was a likelihood of damage or distress and that the processing was not warranted. So using their data to arrest an individual would cause them distress, but would be warranted. The data controller must reply within 21 days to tell the requester that they have complied or why they will not comply. A court can force a data controller to comply if it agrees with the requester.
Compensation – damage and distress
Compensation is very difficult to obtain under the Act. A person can get compensation for damage or damage and distress but not for distress on its own. The person must prove some actual damage, a brick through the window for example (section 13).
The first illustration shows how embarrassment has been caused, but not actual damage.
- Type
- Chapter
- Information
- Information Rights in PracticeThe non-legal professional's guide, pp. 21 - 28Publisher: FacetPrint publication year: 2008