Out-Law / Your Daily Need-To-Know

Out-Law News 4 min. read

Information Commissioner clarifies data protection law


New measures from the Information Commissioner, Richard Thomas, aim to help organisations interpret the Data Protection Act, recently cited by the police as the reason for failing to keep details on Ian Huntley and by British Gas for failing to alert social services to vulnerable pensioners.

In December, Humberside police blamed the Act for their failure to keep details of nine separate allegations against Ian Huntley, the convicted murderer of schoolgirls Holly Wells and Jessica Chapman.

Mr Thomas is quoted in The Guardian today saying:

"It's for the police to decide what purposes they're holding information for, and as long as they are holding it for legitimate purposes, such as the investigation or prevention of crime, they can hold information in some cases for a very long time indeed."

Humberside police had said that the Act required forces to delete information about suspects that had not led to a conviction. However, the Code of Practice for Data Protection, as published by the Association of Chief Police Officers (ACPO) in 1995 – the version of the Code that applied at the relevant time in Huntley's case – did not say this.

In the case of British Gas, the company disconnected the supply of gas to George Bates, 89, and his 86-year-old wife Gertrude, due to an unpaid bill. Before it could do this, it had to send a welfare officer to their house. It did so, and Mr and Mrs Bates were offered the chance to be added to a priority list to receive care. They refused to give their consent to this and, many weeks later, their bodies were found in a decomposed state at their home. On Monday, coroner Dr Paul Knapman recorded a verdict of death by natural causes.

In the absence of consent and because sensitive personal data were involved, the only grounds under the Act that would have let British Gas contact others to seek help for Mr and Mrs Bates would be if it was in their "vital interests". The weather was temperate and the couple were in reasonable health when the gas supply was cut off – so British Gas said they had no reason to believe the couple were vulnerable.

The Information Commissioner's Office (ICO), which has various responsibilities under the Act, has responded with the following measures to help organisations:

strengthening the Data Protection Helpline to ensure swift assistance for organisations who are concerned about problems interpreting the Data Protection Act;

developing more practical and user friendly guidance for organisations;

a renewed call for responses to the ICO's 'Making Data Protection Simpler' consultation originally announced in the summer of 2003; and

a commitment to plain English in all ICO communications, avoiding wherever possible phrases such as "data subject" and "a Schedule 2 basis for processing".

In a statement today, the ICO said:

"The ICO already works closely with a range of businesses and representative bodies to develop appropriate guidance where required. However, it is unrealistic for the ICO to prepare guidance for every eventuality. Therefore organisations will still be expected to seek their own legal advice, check existing ICO guidance and make their own decisions. But ICO staff will be available to provide guidance where organisations genuinely believe that the results would offend common sense."

Commenting on today's announcement, Mr Thomas said:

"It is ridiculous that organisations should hide behind data protection as a smokescreen for practices which no reasonable person would ever find acceptable.

"People value their privacy and do not want their lives damaged because excessive or inaccurate information is held about them. Legal action under data protection law has helped put a stop to individuals' creditworthiness being judged on the bad debts of unrelated people who have lived at the same address. Individuals are told more and have greater control over what can happen to their information, the 'opt out box' is a common feature of forms, and for the first time individuals can now stop their electoral registration details being bought by others and used for wider purposes.

"Data protection law stands in the way of a surveillance society where government and commercial bodies know everything about everybody. It helps to prevent the growing problems of identity theft and the buying and selling of personal information. The data protection principles are largely matters of common sense and fairness but data protection can never be a set of detailed Do's and Don'ts. Organisations must use their own judgement to balance what they want or need to do against the need to safeguard the privacy of individuals and to ensure their personal information is handled properly.

"Last year the Data Protection Act was described in the Court of Appeal as 'a cumbersome and inelegant piece of legislation'. I agree. But no-one should forget that people care deeply that their privacy and personal information should be properly respected. The initiatives I have announced today will help organisations to comply with data protection principles in sensible ways and stop anyone ever again using data protection as a false excuse for their own short-comings."

Shelagh Gaskill, a partner with Masons and an expert in data protection law, said:

"If you're a data protection officer and worried about misinterpreting the Act in a way that could make your organisation feature in the next headlines, the key is to get training. Fortunately there are now many places to get it, and today's announcement of additional support from the Information Commissioner is good news for all organisations."

Masons operates its own data protection training courses and offers a helpline for organisations. For more information, click here. Details of this month's Update Sessions in Data Protection are in this PDF

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.