public sector

Both the Data Protection Act and the Freedom of Information Act have strong implications for the public sector, in some cases more so than for the private sector.

The Data Protection Act defines what can be classed firstly as data, and secondly as personal data. Under the Act, there are additional categories relevant to education, health, social care, and other public accessible records. These additional categories increase the remit of public sector bodies in terms of their responsibilities to protect data and to respond to subject access requests when they are made.

The Freedom of Information Act added an additional category of data to the definitions within the Data Protection Act. This category covers data not held in any of the other categories, and can even include pieces of scrap paper, if they contain the personal data of a data subject.

The Freedom of Information Act also introduced rights to make requests for information (not necessarily your own), e.g. to find out the salary of the Chief Executive of a public organisation. In cases like these, individual assessments should be made as to whether the information should be released. Where requests are denied, it is considered best practice to outline the reasoning behind the decision in your response.