The Data Protection Act 1998 is policed by the Information Commissioner. At the time of writing, this post is held by Richard Thomas. His office is called the Office of the Information Commissioner. The Commissioner is also responsible for Freedom of Information.
Note: This role was previously called the Data Protection Registrar, then the Data Protection Commissioner.
The Commissioner is an independent supervisory authority and has an international role as well as a national one.
In the UK the Commissioner has a range of duties including the promotion of good information handling and the encouragement of codes of practice for data controllers, that is, anyone who decides how and why personal data, (information about identifiable, living individuals) are processed.
The Commissioner is responsible for holding and maintaining the Data Protection Register. This hold details of all data controllers, the types of data they hold, the purpose(s) for holding the data, and the sources and destinations of the data.
The Commissioner's powers have been extended. They can force data controllers to comply with the law. If the Commissioner believes an enforcement notice will be inadequate, the data controller may be deregistered. Every year the Commissioner instigates dozens of legal actions.
One of the duties of the Information Commissioner is to prepare codes of practice that disseminate good practice. For example, how should employers handle records about the recruitment and selection of new staff? Can employers monitor staff e-mail traffic? If so, in what detail? Who needs to know about this? How can we satisfy the "tensions" between the Data Protection Act 1998, the Human Rights Act 1998 and the Regulation of Investigatory Powers Act 2000 (RIPA)?
Such publications are available here. In particular you might be interested in the code "Employment: Part 3 - Monitoring at work." (Requires pdf viewer.) (Both links correct as at 25 June 2003.)
The Information Commissioner issues codes of practice under Section 51 of the Data Protection Act. They don't replace or supercede the Act, but are designed to help interpret it in specific situations. Data Users may use alternative ways of meeting these requirements.
Any enforcement action would be based on a failure to meet the requirements of the Act itself, not the codes. However, the Information Commissioner is likely to cite relevant parts of the codes in any enforcement action.
What you read here is only a summary to introduce the concepts. You should not rely on it to build a legal case or safeguard your legal position. The University of Glamorgan and its employees cannot be held responsible for any legal or other redress due to errors in the notes. Seek professional legal advice before acting on what you read here.
|Other topics||Comments please to: firstname.lastname@example.org||© 1999, 2001, 2003, University of Glamorgan|