Book contents
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
13 - Compliance, the Information Commissioner and the Information Tribunal
Published online by Cambridge University Press: 09 June 2018
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
Summary
Introduction
In 1984 the role of Data Protection Registrar was created. This role continued under the Data Protection Act 1998, although the title was changed to that of Data Protection Commissioner (section 6). In 2000 with the introduction of the Freedom of Information Act, the title was changed again – to encompass the other two elements of information rights legislation – to that of Information Commissioner (Freedom of Information Act section 18). The title of the Data Protection Tribunal continued from 1984 until 2000, when it too had a name change, to that of Information Tribunal (FOIA 2000, s. 18).
Compliance does not involve just these two authorities, as there are issues that will be dealt with by the public authority itself and others that need reference to the courts.
The role of the Commissioner is not only to administer and police the legislation but also to advise and assist authorities in its application. His office is not a government department or agency but completely independent, although finance is still received from the Ministry of Justice.
Compliance
Enforcement of all sections of the legislation is carried out by the Information Commissioner and failure to comply with his notices can be an offence.
Under the Freedom of Information Act there is only one criminal offence – that of changing, amending or removing data after a request has been made (section 77). The Environmental Information Regulations adds a further offence, that of obstructing the execution of a warrant.
There are considerably more offences under the Data Protection Act: processing data without it being on the register; failure to notify changes to the notification (section 21); and knowingly or recklessly obtaining or using data without consent of the data controller (section 55), to mention but two sections. Penalties are a fine, currently to a maximum of £5000, for each occasion there is a breach, plus the possibility of costs (section 60); or a period of imprisonment (as amended in 2007). It is also an offence to require that an individual provide ‘relevant records’ as a condition of employment or as a condition of contract (section 56). The Act describes relevant records as convictions or cautions issued by the police or the DHSS. The Act also voids any contract which requires a person to supply information they have obtained under section 7 of the Data Protection Act or any health record (section 57).
- Type
- Chapter
- Information
- Information Rights in PracticeThe non-legal professional's guide, pp. 135 - 144Publisher: FacetPrint publication year: 2008
- 1
- Cited by