Data Protection
Confusion over apparent conflict between the Data Protection and Freedom of Information Acts is largely because each was drafted with different aims and in contrasting styles.
The Data Protection Act is primarily concerned with personal data on computers. Because it was important to clarify and update the legislation to keep pace with technology, the 1998 Act supercedes earlier legislation laid before Parliament in 1984.
It was also necessary to take account of and be consistent with the provisions of the Freedom of Information Act, which was being formulated at the same time. The FOI Act makes some amendments to the Data Protection Act, and the Data Protection Registrar/Commissioner became the Information Commissioner responsible for both sets of legislation.
The Freedom of Information Act is very widely drawn, covering all information in whatever form, but only applicable to the public sector. On the other hand, the Data Protection Act is targeted solely at personal data held on computer or other systematic filing systems, and applies to any organisation.
For example, a local authority will have tens if not hundreds of thousands of documents, some of which will contain personal data. Individuals have the presumed right of access to all these documents with the exception of personal data.
The Act is concerned with personal data about living individuals. Data is considered personal if an individual can be identified, e.g. by name, address, email or any other uniquely distinguishing information.
There is a little known provision covering the use of CCTV - which could be of significance to any individuals who become a subject of surveillance. Those who manage or process personal data - individuals or organisations - are defined as data controllers. As such, they have a duty to register under the Act. In fact its provisions bind them whether registered or not. Importantly, having data processed overseas does not exempt UK organisations.