Data Protection Vs Freedom of Information: Access and Personal Data

The Freedom of Information Act (FOI) was a milestone in UK legislation and, for the first time, the lid was legally lifted on a lot of what the UK government was doing in the name of the citizens of the country. While the FOI applies only to public sector organisations, it covers a wide range of information. The Data Protection Act, which applies equally in both the public and private sector, had already given individuals the right to find out what information was being held about them, and to insist on having that information kept accurate and up to date. Of course, the Data Protection Act also placed an obligation on organisations to protect the personal data of those people about whom they collected this information and to ensure that this data was not disclosed, either deliberately or accidentally, to anyone not entitled to see it. Clear and practical guidance for data governance professionals Inevitably, information that could and should be disclosed pursuant to a freedom of information enquiry could quite conceivably also contain information that the data controller must protect and herein lies a challenge for those in the public sector. Data management frameworks must be designed with two apparently contradictory objectives in mind: ensuring that information that might have to be disclosed pursuant to an FOI enquiry can quickly be found and provided, while simultaneously ensuring that personal data that has to be protected remains protected. This is a key data governance issue and, until now, there has been little useful guidance on how to tackle this issue for those charged with designing processes and infrastructure that meets these two sets of legal requirements. This pocket guide focuses on and addresses this critical issue, providing clear and practical guidance for data governance professionals on how to resolve this conundrum.