Freedom of information, data protection and the role of the ICO: an update Anne Jones Assistant Commissioner (Wales) One Voice Wales Annual Conference 5 October 2013
Overview 1. The ICO’s role 2. Freedom of Information Act – basics 3. FOI – good practice tips 4. Data Protection Act – basics 5. DPA – good practice tips 6. How the ICO can help 7. Questions?
1. The ICO’s role • UK independent supervisory body reporting directly to Parliament • One office, four locations • Oversees and enforces:- – Data Protection Act 1998 – Freedom of Information Act 2000 – Environmental Information Regulations 2004 – Privacy and Electronic Communications Regulations 2003 • Advice, complaints handling, enforcement
2. Freedom of Information Act – basics • Right of access to official information held by public bodies • Two duties of public authorities:- – Produce a publication scheme (a guide to the information you regularly publish) – Deal with individual requests for information within 20 working days (subject to exemptions) • Why is it important? • Future changes?
3. FOI – good practice tips • Recognise an information request! • Know what you hold and where to find it • Know how to respond to a request • Talk to the requester (duty to “advise and assist”) • Take care if information includes details of other individuals • Is it environmental information? • Only held in the Welsh language?
FOI – good practice tips (cont.) • Information or documents? • Be familiar with the key exemptions • Use of section 14 exemption (vexatious and repeated requests). Consider:- • Disproportionate burden • Level of disruption, irritation or distress • Serious purpose/legitimate motivation • Wider public interest/objective value
A word to councillors… Individual councillors are not public authorities for the purposes of FOI… …but are data controllers for the purposes of the DPA
4. Data Protection Act – basics: those eight principles Personal data has to be:- 1. Processed fairly and lawfully 2. Obtained only for one or more specified purposes 3. Adequate, relevant and not excessive 4. Accurate and up-to-date 5. Not kept for longer than necessary 6. Processed according to the individual’s rights 7. Kept secure 8. Not transferred outside EEA unless adequate protection
5. DPA – good practice tips • Lessons from advisory visits and audits • Think – what personal data do you hold and how do you hold it? • Who has access to that personal data? • Adequate security for manual files • Adequate technical measures • Physical and building security
DPA – good practice tips (cont.) • Procedures in place, eg retention schedules • Would you recognise a subject access request? • Beware email ‘auto-complete’ and pre-programmed fax numbers • Data in transit? Trains, bus shelters, pubs and backs of cars…
6. How the ICO can help • Printed guidance and other resources:- • FOI & EIR: Hints for Practitioners • Guide to Data Protection • Guide to Freedom of Information • Training DVDs • Guidance on specific topics, eg subject access requests • ICO website • Helpline • Bespoke awareness-raising? • Get in touch!
www.ico.org.uk
Contact us:- Information Commissioner’s Office (Wales) 2nd Floor Churchill House Churchill Way Cardiff CF10 2HH Tel: 029 2067 8400 wales@ico.org.uk Subscribe to our e-newsletter at www.ico.org.uk, or find us on:- www.twitter.com/iconews