As the previous post indicates, the Data Protection Act is all too often used as an excuse not to tell people something, even when those people have the right to know the information requested.
The Information Commissioner's Office put out a press release last year to tell everyone that most of these excuses are UTTER RUBBISH.
Here it is in full:
To mark this year’s 1 April celebration of all things foolish, the Information Commissioner’s Office (ICO) is urging organisations not to hide behind the Data Protection Act unnecessarily when dealing with individuals.
The ICO’s call comes as it continues to encounter incidents where data protection is wrongly used by organisations as a reason for refusing to give out any personal information or for preventing them from dealing with certain types of enquiries.
The most bizarre being an incident involving a young lady who was refused service from a clothes shop after she requested a shop assistant to check if another store had her size in a bikini. The shop assistant refused - citing the Data Protection Act.
David Smith, Deputy Commissioner at the Information Commissioner’s Office, said: “Using data protection as a reason to refuse to check if another store stocks a different size is not only absurd, but wrong. All too often we hear of cases where organisations have not properly thought through whether they can respond to enquiries from individuals. As in this case, the store has simply said no and used data protection as a duck out. The Data Protection Act does not impose a blanket ban on the release of personal information. What it does do is require a common sense approach. It should not be used as an excuse by those reluctant to take a balanced decision. The Act plays a very important role in protecting all our personal information and gives us all important rights.
“Recent high profile data breaches have reinforced the value of the Data Protection Act which requires organisations to keep personal information accurate, up to date and secure. Data protection makes good business sense so it is in their own best interests for organisations to make sure they understand and use the Act correctly.”
Examples of data protection myths include:
Myth – The Data Protection Act stops parents from taking photos in schools
Reality – Photographs taken purely for personal use are exempt from the Data Protection Act. This means that parents, friends and family members can take photographs for the family album of their children and friends participating in school activities and can film events at school. The Data Protection Act does apply where photographs are taken for official use by schools and colleges, such as for identity passes, and these images are stored with personal details such as names. Where the Act does apply, it will usually be enough for the photographer to ask for permission to ensure compliance with the Act. The Information Commissioner’s Office has issued practical guidance on this issue.
Myth – Under the Data Protection Act an insurance company cannot send out a claim form if it has been requested by someone other than the policy holder e.g. the policy holder’s wife
Reality - The Data Protection Act would not prevent an insurance company from sending out a claim form if it has been requested on behalf of the policy holder. We would expect staff working in the insurance company to take a common sense approach.
Myth – The Data Protection Act stops parents from finding out their children’s exam results
Reality - An 11 year old girl who sat her flute exam but was unable to find out her result. The board cited the Data Protection Act and said that only the person who made the application, the flute teacher, could see the results. The original article resulted in several letters in the press blasting the Act.
The Information Commissioner’s Office has issued practical guidance on the publication of exam results. The Act does not prevent the exam board from giving results to the student or her mother. An exam board could ensure that the information is disclosed to the right person by sending it to the student’s home address. It is clearly unfair and unnecessary that the student’s mother in this case had to make a subject access request to discover her daughter’s exam results – but at least data protection access rights made sure she got the information to which she was entitled.
Myth - The Data Protection Act prevents priests from naming sick parishioners during church prayers
Reality – It was reported that priests within the Roman Catholic Church were told to stop praying for sick parishioners by name for fear that they may be prosecuted under the Data Protection Act. The Data Protection Act mainly covers personal information held electronically. It is unlikely that this sort of information about members of the local congregation would be held on computer or in a complex paper filing system and so it wouldn’t be covered by the Act. Even if the information was covered by the Act, it would not prevent the name of a sick member of the congregation being read out if the individual concerned was happy for this to happen. However, if someone had specifically asked not to be mentioned by name in prayers, or the priest thought it likely they would not be happy with this, then the priest, who owes duties of care and confidentiality to parishioners, would respect their wishes.
Sunday 24 January 2010
28 days for no tax disc
As I write this début post for this blog, the theory of "Free Man on the Land" is being tested in practise. Big time.
At 9.30am on Friday 22 January 2010, men in black suits knocked on the door of the Harrison family in Leicestershire.
The men in black suits were court bailiffs who had come to see Richard of that family and, when someone in that house refused to give his name to them, they arrested him, took him straight to court and sentenced him to 28 days in prison.
Richard's "crime" was to unregister his car with the DVLA. Not, as some may suggest, just to shirk the payment of 70 measly quid, but to contract himself out of the tyranny of rule by statute (as opposed to common law). His car had subsequently been seized, he challenged the policy enforcers' right to do this in court. The arrest is apparently in connection with the court costs incurred by that case.
The full story behind all this is still unfolding at http://tpuc.org/forum/viewtopic.php?f=4&t=10036 but one concern that has emerged is that police staff repeatedly refused to tell the Harrison family of the arrested man's whereabouts when asked to do so, claiming that the Data Protection Act prevented them from doing so. This is a common excuse given by public officials and it has no basis in law.
Watch this space for updates...
At 9.30am on Friday 22 January 2010, men in black suits knocked on the door of the Harrison family in Leicestershire.
The men in black suits were court bailiffs who had come to see Richard of that family and, when someone in that house refused to give his name to them, they arrested him, took him straight to court and sentenced him to 28 days in prison.
Richard's "crime" was to unregister his car with the DVLA. Not, as some may suggest, just to shirk the payment of 70 measly quid, but to contract himself out of the tyranny of rule by statute (as opposed to common law). His car had subsequently been seized, he challenged the policy enforcers' right to do this in court. The arrest is apparently in connection with the court costs incurred by that case.
The full story behind all this is still unfolding at http://tpuc.org/forum/viewtopic.php?f=4&t=10036 but one concern that has emerged is that police staff repeatedly refused to tell the Harrison family of the arrested man's whereabouts when asked to do so, claiming that the Data Protection Act prevented them from doing so. This is a common excuse given by public officials and it has no basis in law.
Watch this space for updates...
Subscribe to:
Posts (Atom)