The purpose of the Data Protection Act 1998 is to give individuals rights over their personal data and to protect individuals from the erroneous use their personal data. The Act also requires anyone who handles an individual’s personal data to comply with a number of important principles and legal obligations.
The Act gives rights to living individuals about whom information is recorded. They are entitled, upon making an access request, to be supplied with a copy of any information held about them. They also have the right to challenge the processing of their personal data and to claim compensation if they suffer loss or damage because of inaccurate information or inappropriate disclosures.
The Data Protection Act 1998 gives individuals the right to know what information is held about them. The Act works in two ways:
It states that anyone who processes personal information must comply with the eight principles; and
It provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.
The eight principles are, the personal data shall be collected and processed fairly and lawfully, be obtained only for the specific and lawful purposes described in the register entry, and shall not be further processed in any manner incompatible with that purpose or those purposes, be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are held, be accurate and, where necessary, be kept up to date, be held no longer than is necessary for the registered purpose, be processed in accordance with the rights of the data subjects under the Act, be held under secure conditions, together appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of; or damage to personal data, not be transferred to a country or territory outside the European Economic Area, unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Processing of personal data for the following purposes are exempt from the Data Protection Act 1998.
- Personal data required or held on the grounds of National Security
- Personal data publicly available by law
- Personal data held for personal, domestic and recreational purposes
- Personal data held by an unincorporated members club
- Exemptions from the Restrictions on Disclosure
- Exemptions from the Data Protection principles under the Act
The University students and staff are required to comply with the Data Protection Act 1998. The Act creates a number of criminal offences. These include offences related to notification; enforced subject access; obtaining and disclosing offences; procuring and selling offences; other offences. The Act will impose personal liability on individuals if the University commits an offence attributable to their consent or neglect.
The purpose of Freedom of Expression Act 2000 is to give individual rights of access to information held by or on behalf of public authority.
The Freedom of Information Act creates a statutory right for access to information in relation to bodies that exercise functions of a public nature. Three different kinds of bodies are covered under the act. Public Authorities, publicly owned companies and designated bodies performing public functions. a full list of “public authorities” for the purposes of the act is included in Schedule 1. The list includes government departments, the Houses of Parliament, the Northern Ireland Assembly, the Welsh Assembly, the armed forces, local government bodies, National Health Service bodies, schools, colleges and universities, police authorities and Chief Officers of Police are included within this list, which ranges from the Farm Animal Welfare Council to the Youth Council for Northern Ireland. A few of them are excluded such as intelligence service. In relation to publicly owned company, S6 provides that a company is publicly owned if:
(a) it is wholly owned by the Crown, or
(b) it is wholly owned by any public authority listed in Schedule 1 other than
(i) a government department, or
(ii) any authority which is listed only in relation to particular information.
Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.
The act creates a general right of access, on request, to information held by public authorities. On receipt of a freedom of information claim a public authority has two corresponding duties. First, a duty to inform a member of the public whether or not it holds the information requested (s1(1)(a)), and second if it does hold that information, to communicate it to the person making that request (s1(1)(b)).
Although the Act covers a wide range of government information, the act contains a variety of exemption. Two forms of exemption are present, “Absolute” exemptions that are not subject to any public interest assessment, they act as absolute bars to the disclosure of information and “qualified” exemptions where a public interest test must be made, balancing the public interest in maintaining the exemption against the public interest in disclosing the information.