News
Guidance on what is personal data for the purposes of the Data Protection Act 1998 (DPA 1998) has been published by the Information Commissioner’s Office (ICO).
The guidance note, Determining What is Personal Data, is designed to help data practitioners decide whether data falls within the definition where this is not obvious. Only data falling within the definition is subject to the rules of good information practice imposed by DPA 1998.
Phil Jones, assistant commissioner at the ICO, says: “We have recognised for some time the need to provide more help to those who have to make difficult decisions on whether data is subject to DPA 1998. In many cases it will be obvious that data relates to, or is about, an individual. However, this is not always the case. The guidance relies heavily on examples to illustrate circumstances when data relates to an identifiable, living individual.”
He says the definition of personal data is important to public authorities responding to access requests made under the Freedom of Information Act 2000 (FIA 2000). This provides that where an access request is made to information that is the personal data of the requester that the request is handled as a subject access under DPA 1998.
FIA 2000 also provides that where the information requested is personal data about an individual other than the requester that the personal data should not be released if the release would involve a breach of data protection rules.