DATA PROTECTION

REFORM OF THE DATA PROTECTION ACT

In 1988 the Data Protection Registrar issued a consultation document seeking the views of data users and other interested parties as to the operation of the Act. The results of this exercise were published in the Registrar's Fifth Annual Report together with the Registrar's responses and a number of proposals for amendment to the legislation, these being submitted to a Government Inter-Departmental committee established under the auspices of the Home Office to consider the Act's operation.

The next stage in what it is envisaged will be a continuing consultation process came with the organisation of a number of public meetings. One held in Edinburgh on the 26th October might be regarded as typical of the genre. Here, the Registrar and Deputy Registrar addressed an audience of some 50 persons. The first half of the meeting consisted of presentations describing the consultation process and the Registrar's subsequent proposals whilst the second gave the audience an opportunity to respond to the proposals and, more generally, to comment on their experiences of the legislation.

Inevitably, concern at the nature and operation of the registration process constituted a major portion of the session. The prevailing view among those responding to the consultation document was that registration had been a difficult but manageable process although its relevance to small scale data users was obscure. These sentiments were shared by the Registrar. Significantly, he did not consider that the maintenance of registration was required under the European Convention. His report had identified a number of possible schema for reform, the two most favoured involving total abolition of the registration requirements or the establishment of a more restricted registration requirement. The former option appeared to attract most support in an audience consisting mainly of data users but, at what was stated to be an early stage of any reform process, the restricted registration option was favoured by the Registrar. This would require certain categories of users such as government departments, health authorities and financial institutions and those holding sensitive data to register. It was estimated that some 50,000 users might be required to register under such a system. Even for these users, the information required at registration would be reduced to a brief statement of sources and purposes. A further effect would be that the concept of multiple registration (at present one undertaking has some 3,500 register entries) would vanish.

As was pointed out by the Registrar, much of the present Act is founded on the concept of registration. The data protection principles, for example, are binding only on registered data users. Reform of the registration process would have to take this fact into account. The consultation exercise, however, had elicited unanimous backing for the principles and, on this basis, it was considered that conformance could reasonably be required of all users whether registered or not. Such an approach would involve modification of certain of the accompanying interpretative provisions, in particular that relating to the third, non-disclosure, principle.

From the individual's standpoint, the introduction of access rights is the most conspicuous feature of the legislation. During the first six months of access rights, it was estimated that 100K-200K requests for access were submitted to users. In general, subject access was considered to be operating in a satisfactory fashion. Although the £10 maximum fee was still perceived as excessive by many subjects, a more significant deterrent was the possibility of multiple fees being charged in the event that a user had more than one entry on the Register. Adoption of either of the above proposals should eliminate this factor.

An undesirable facet of subject access had been the practice of requiring data subjects to exercise subject access rights (principally relating to criminal records) and to supply the results to a third party - potential employers and some licensing authorities were specifically identified. It is proposed that such conduct should be made illegal. A further safeguard against abuse is contained in a further recommendation that users should be required to log, and periodically to report to the Registrar, instances in which they relied upon one of the statutory exemptions to wholly or partly deny a request for access.

In an effort to further improve the Act's value to data subjects, the Registrar additionally proposes that he should be given power to include in an enforcement notice a direction that compensation should be paid to an affected subject. The grant of this extra discretionary power should be accompanied by the introduction of some provision allowing a subject to challenge inaction on the Registrar's part before the Tribunal although the procedure through which this might be accomplished had not yet been determined.

The first years of the Data Protection Act have seen the introduction of a number of voluntary codes of practice. Whilst rejecting the introduction of statutory codes on the basis that their preparation would unduly dilute his resources, the Registrar has suggested that provision should be made for him to approve of a code's contents, in which case it should acquire legal status similar to that possessed by the Highway Code.

Other matters under consideration included enhancement of the Registrar's investigative powers. This might include the imposition of an obligation on users to supply information to the Registrar upon receipt of a written request. Again, a lacuna has been identified in the existing provisions relating to the obtaining of evidence. In the event that the Registrar's officers are invited onto premises, this serves as a bar to the subsequent obtaining of a search warrant yet they have no powers of seizure during their stay on the premises. It is proposed that a power to seize evidence whilst lawfully on premises, equivalent to that currently possessed by police officers, should be extended to the Registrar's investigative officers.

A final question raised by the consultation exercise concerned the propriety of the Registrar seeking to intervene in the policy field. The Registrar's task, it might be argued, is to enforce the legislation whilst policy decisions are for the legislature. Needless to say, this restrictive view is not shared by the Registrar but, for the avoidance of doubt, it is suggested that a specific remit should require the Registrar to monitor the legislation's operation.

It is uncertain whether, or when, action will be taken on the Registrar's proposals. The Parliamentary session commencing in November 1990 has been mooted as the earliest possible date for the introduction of an amending statute. For the meantime, the reaction and experiences of the audience at the Data Protection 'Roadshow' may be considered encouraging, demonstrating widespread approval for the aims of the legislation and tolerance of the administrative burdens which compliance might involve.

Ian Lloyd
Report Correspondent
