Disclosure of personal data

Data Protection

Published in the January 2004 issue of HRD & Payroll Solutions Newsletter

The Data Protection Act 1998 (the "Act") provides, among other rights, the right of an individual, i.e. a data subject, to disclosure of personal data that is being processed by a data controller. A data controller could be the individual's bank, doctor, hospital, employer, etc. The data may be stored and processed on computer or in paper documents stored in a "relevant filing system".

It has generally been held that, if an employer receives a request for disclosure, it is necessary to trawl through all of the employer's computerised and paper files, wherever they are stored, and extract the relevant data and documents. One of the key purposes of the Act is to protect a data subject's rights to the privacy and accuracy of that individual's personal data held by data controllers. Meeting those rights can involve the employer in considerable work and may create problems where the disclosure of documents would breach the privacy of other data subjects.

The decision of the Court of Appeal on 8 December 2003 in the case of Durant -v- Financial Services Authority clarifies

  • the nature of the personal data that must be disclosed
  • what is meant by a "relevant filing system", and
  • the need to "redact", or edit, the personal data before providing it to the applicant.

Although the judges in this case expressed the view that Mr. Durant's demands by way of disclosure were excessive and that much of what he requested could not be described as personal data, the general and realistic guidance given in the judgement for data controllers is invaluable.

The background
Mr. Durant applied on a number of occasions to the Financial Services Authority (FSA) for disclosure of data related to a legal case that he took against his bank and lost. He believed that the FSA had information and documents that the bank had provided to the FSA. The FSA supplied some electronically-stored documents, some of which were redacted so as not to show information about third persons, but refused to provide copies of paper documents, arguing that they were not personal data within the meaning of the Act.

The statutory definitions
The right of access to personal data is set out in sections 6 and 8 of the Act. The definitions that are relevant to this case are as follows:

Data: information that is processed automatically by computer but includes information that
"is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system."

Relevant filing system: any "set of information" which, although not processed on computer,
"is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible."

Personal data:
"data which relate to a living individual who can be identified—

  1. from those data, or
  2. from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
    and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual."

The right of access to personal data:
"7(1) …an individual is entitled -

  1. to be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller,
  2. to have communicated to him in an intelligible form -
    1. the information constituting any personal data of which that individual is the data subject, and
    2. any information available to the data controller as to the source of those data, and

7(4) Where a data controller cannot comply with the request without disclosing information relating to another individual who can be identified from that information, he is not obliged to comply with the request unless—
  1. the other individual has consented to the disclosure of the information to the person making the request, or
  2. it is reasonable in all the circumstances to comply with the request without the consent of the other individual.

7(5) In subsection (4) the reference to information relating to another individual includes a reference to information identifying that individual as the source of the information sought by the request; and that subsection is not to be construed as excusing a data controller from communicating so much of the information sought by the request as can be communicated without disclosing the identity of the other individual concerned, whether by the omission of names or other identifying particulars or otherwise.

7(6) In determining for the purposes of subsection (4)(b) whether it is reasonable in all the circumstances to comply with the request without the consent of the other individual concerned, regard shall be had, in particular, to—

  1. any duty of confidentiality owed to the other individual,
  2. any steps taken by the data controller with a view to seeking the consent of the other individual,
  3. whether the other individual is capable of giving consent, and
  4. any express refusal of consent by the other individual.

8(2) The obligation imposed by section 7(1)(c)(i) must be complied with by supplying the data subject with a copy of the information in permanent form…"

The order in which these definitions are applied is important. Before any decision as to disclosure of paper documents that contain personal data is made, the data controller must consider whether or not the data is recorded as part of a "relevant filing system". If not, there is no right of disclosure.

Court of Appeal decisions

The issues considered by the Appeal Court and the Court's conclusions were as follows:

Personal data:

  1. The right to disclosure of personal data is not a right to be given original or copy documents as such, but a right to be provided with information in intelligible and permanent form. This may be provided in documents prepared specially for the purpose or, if convenient, in the form of copies of original documents that have been redacted if necessary to remove matters that are not personal data.
  2. The purpose of the right to disclosure is to enable the data subject to check whether the data controller's processing unlawfully infringes his privacy. It is not an automatic key to any information, readily accessible or not, about matters in which he may be named or involved.
  3. As the focus of the Act is on ready accessibility of the information, it is likely in most cases that only information that names or directly refers to the data subject will qualify. However, not all information retrieved from a computer search against the data subject's name or unique identifier is personal data within the Act. Mere mention of the data subject in a document does not turn that document into personal data. Whether it does so in any particular case depends on its relevance or proximity to matters related to the data subject.
  4. The tests as to whether data is personal or not are:
    • the information must be of a nature that affects the data subject's privacy, in respect of his personal or family life, business or professional capacity
    • the information must be biographical in a significant sense, i.e. going beyond information about an event in respect of which the data subject's privacy could not be said to be compromised
    • the information should be specifically about the data subject, rather than some other person with whom he may have been involved or some transaction or event in which he may have figured or have had an interest.

(Mr. Durant lost his case based on this interpretation of "personal data". The information he was seeking was not personal data because it related to a matter in which he was involved, not information that was specific to him and his privacy.)

Relevant filing system

  1. The statutory definition of a "relevant filing system" is intended to provide, as far as possible, the same standard or sophistication of accessibility to personal data in manual filing systems as to computerised records. It contemplates an arrangement of paper data in a form similar to that which a computer would use to process the same information. It must be possible, before starting a search, for the information to be located without having to make a manual search.
  2. A "relevant filing system" is limited to a system
    • in which the files forming part of it are structured or referenced in such a way as to indicate clearly at the outset of the search whether the system holds information capable of amounting to personal data and, if so, in which file or files it is held; and
    • that has, as part of its own structure or referencing mechanism, a sufficiently sophisticated and detailed means of readily indicating whether and where in an individual file or files specific criteria or information about the data subject can be readily located.
  3. If the search involves looking at all of the documents in a file, possibly at great length and cost, and fruitlessly, to see whether it contains information about the data subject, and then whether that information is personal data, the file and its documents cannot be said to be part of a "relevant filing system".
  4. For example, a file about a certain matter that includes a divider bearing the applicant's name and that contains a variety of documents stored in date order does not necessarily constitute a "relevant filing system", even if that file is part of a larger filing system where each file bears an individual's name. It is not a question of whether the information could be obtained or even whether the information could be obtained easily. The question is whether it is structured in such a way that specific information relating to a particular individual is readily accessible, i.e. without having to search manually through every document.

Comment: These interpretations of "relevant filing system" are significant in the context of manual employee record files. Whether such a file contains personal data that is disclosable in the event of a request for disclosure depends on whether

  • it is possible to identify a file as likely to hold personal data about the applicant, which would normally be the case for employee record files that are stored in alphabetical or numerical order, and
  • it is possible, within the applicant's employee file, to find the specific personal data requested without having to search through every document.

The second of these points is, therefore, critical. If employees' files are properly structured so that documents in each file are sorted under clear headings, e.g. personal information, job information, salary history, sick notes, disciplinary records, training records, etc., the file would be part of a "relevant filing system". On the other hand, if the file is simply treated as a place to store every piece of paper relating to the employee, probably in date order as each document is put on top of all of the others, that file is unlikely to be part of a "relevant filing system". To find a specific piece of information, it would be necessary to look at and analyse every document.

This Appeal Court interpretation creates the anomalous situation where the contents of employee files are disclosable if the file is properly structured and maintained but not if it is a collection of unsorted and possibly irrelevant documents. However, it would be unwise for employers to deliberately neglect to maintain their employee files in order to avoid disclosure. A court may, in a specific case, decide that, even though the file is unsorted, it is still easy to find documents of a certain type. It would be good practice to maintain paper files properly, not only to ensure that they are of practical use to payroll and personnel staff, but also to ensure that they only contain relevant documents that would cause no embarrassment if they were disclosed.

Redaction

  1. A data controller may not simply use the fact that a document refers to a third party as grounds for refusing to disclose it. The document must be redacted, or edited, so as to provide the personal data sought without disclosing the identity of the third party.
  2. In deciding whether information in a document needs to be redacted in order to remove references to another individual who can be identified from the personal data to be disclosed, the issues are:
    • Is the information about any other individual necessarily part of the personal data that the data subject has requested? If not, and the data controller chooses to provide the information sought by providing a copy of a document, he may simply remove the third party information because it is not a necessary part of the data subject's personal data.
    • If information about the third party necessarily forms part of the personal data sought, the data controller must decide whether the third party's permission to disclose must be obtained first or whether to disclose without that information. If the existence of the third party information is critical to the legitimate protection of the data subject's privacy, perhaps because the third party was the source of the personal data and the data subject needs to take action to correct some damaging inaccuracy, the employer may decide to disclose the information without the third party's prior consent. On the other hand, the data controller may have an obligation of confidentiality to the third party or some other sensitivity may exist, obliging the employer to seek prior consent and, if that is not forthcoming, to redact the documents accordingly.

Source: www.courtservice.gov.uk/judgmentsfiles/j2136/durant-v-fsa.htm


Copyright © 2006 PayPerShop Ltd - Payroll, Human Resources (HR) & Payroll Taxes
