Key legislation - Information legislation
The Information Commissioner's Office is an independent official body whose role is to oversee all information legislation, including promoting access to official information and protecting personal information. All public and private organisations are legally obliged to protect any personal information they hold. Public bodies are also obliged to provide public access to official information. Information legislation protects the human rights of people using services by ensuring information about individuals is:
- held only with consent
- held securely
- shared only on a 'need to know' basis
- accessible to them.
Data Protection Act 1998
Confidentiality of information is a key part of maintaining dignity for those using health and social care services. The Data Protection Act (DPA) 1998 requires public bodies and their data controllers to comply with a range of data protection principles. There are some limits on confidentiality and these apply where there is a risk of harm to other people.
Data controllers are people and organisations that decide how and why personal data is processed. 'Personal data' refers to information relating to an identified or identifiable living individual, which is processed automatically (including information processed on a computer) or recorded manually as part of a filing system or part of an accessible record. This will include records such as social services files. Processing covers anything done in relation to such data, including collecting it, holding it, disclosing it and destroying it. The eight data protection principles are key to understanding the Act. These are that data must be:
- fairly and lawfully processed – in line with the common law principle of confidentiality, Article 8 (HRA), which is the right to respect for private and family life, and the principles of administrative law. Processing must not be outside the authority of the organisation or contrary to statutory provisions
- processed for limited purposes – it should be clear what the purpose of holding the information is, and the information should only be used for that purpose
- adequate, relevant and not excessive
- secure – non-authorised people should not be able to get access to the information
- not kept longer than necessary
- processed in accordance with the data subject's rights – these are set out in Schedules 2 and 3 of the Act
- not transferred to other countries without adequate protection.
Freedom of Information Act 2000
The Freedom of Information Act (FoIA) 2000 provides statutory rights for members of the public requesting information. Under the Act any member of the public is able to apply for access to information (unless that information is covered by exemptions) held by a wide range of public bodies, including local authorities and hospitals. The FoIA imposes a duty on public bodies to adopt schemes, which must be approved by the Information Commissioner, for the publication of information.