The Freedom of Information and Data Protection Legislation
An Overview
Ann McKeon
November 2016

Why was the Freedom of Information Act introduced?
• Develop a culture of openness, transparency and accountability
• Implemented in Government Departments April 1998 - Health Boards/Local Authorities Oct 1998 etc.
• Third Level Institutions - 1st October 2001

Entitlements: Students, Staff and the Public
A legal right to:
• Access official (corporate) records
• Access and amend, delete or correct your own personal records
• Be given reasons for decisions which affect you from 1st October 2001
• Note: subject to exemptions

Implications of the Act
For public bodies:
• A legal obligation to publish information
• A legal obligation to establish mechanisms for handling requests
• A legal obligation to assist individuals to exercise their rights

Publications under the Act
• Description of functions, structure, services, powers, classes of records held etc.
• Web based
• Purpose: assist individuals in exercising their rights under the Act

Publications under the Act
• Internal rules, procedures, guidelines etc. used in the decision making process
• Mainly web based
• Purpose: assist individuals in exercising their rights under the Act

FOI Record Definition
The FOI Act states that a “record” includes “any memorandum, book, plan, drawing, diagram, pictorial or graphic work or other document, any photograph, computer record etc. … or thing in which information is held or stored and anything that is a part or a copy, in any form of any of the foregoing … etc.”
(Includes emails – can be accessed under FOI)
“Any record under the control of the university”

What records can be requested
• Records created after Act commenced - 21st April 1998
• Student/public personal records regardless of when created
• Staff records created after 21st April, 1995
• Earlier records if needed

Exempt/protected Records
• Personal information from third party access
• Information obtained in confidence
• Commercially sensitive information
• Functions and negotiations of public bodies
• Deliberations of public bodies
• Research and natural resources
• “public interest test”
• “injury or harm test” to justify withholding

FOI Process
• Decision maker: Initial decision within four weeks
• Internal reviewer: seek review within four weeks - decision within three weeks
• External review: seek review within six months
• by Information Commissioner
• binding decisions
• Appeal to High Court and Supreme Court (point of Law only)

Maynooth University requests
• Media requests
• Staff requests
• Public requests
• Student requests

Impact
• Records released routinely
• Records of meetings/decisions published on web
• Diminished culture of secrecy
• Improved security of Data

Impact
• Write objectively, support opinions with facts, ensure information is relevant to the matter
• Document reasons for decisions and refer to policies in decision making
• Records management (accurate recording, filing and retrieval)
• Advise people of FOI rights and assist them in exercising their rights

Impact
Record content
• Avoid technical jargon (explain if necessary)
• Keep language simple and concise
• Sign and date entries
• Legible handwriting
• Remove draft copies from files

FOI (Amendment) Act 2003
• €15 “up front” fee for an application for access to non-personal records (€75 for Internal Review, €150 for external review)
• Does not apply to applications for access to personal records
• Clarification/amendments to exemptions
• Increased protection for Government records

The Freedom of Information Act 2014
• Removes the main restrictions on access to official information introduced by the FOI (Amendment) Act 2003
• Extends FOI to all public bodies
• Extension of FOI to non-public bodies receiving significant public funding
• Removes €15 application fee
• Reduced fees for non-personal records

Fees
• €15 initial application fee repealed
• Minimum threshold of €100 below which no search, retrieval and copying fees can be charged. Once the charge exceeds €100, full fees apply
• Search, retrieval and copying fees that can be charged are capped at €500
• Upper limit of €700 on estimated search, retrieval and copying fees, above which an FOI body can refuse to process a request, unless the requester is prepared to refine the request to bring the search, retrieval and copying fees below the limit
• Fee for internal review under Section 21 is now €30 (€10 for medical card holders and their dependants)
• The fee for appeals to the Information Commissioner under Section 22 is now €50 (€15 for medical card holders and their dependants)

Data Protection Act 1988 and the Data Protection (Amendment) Act 2003
Why was Data Protection introduced:
• To regulate the collection, processing, keeping, use and disclosure of personal data
• To give individuals access to their data and allow them to amend it if incorrect
• To comply with EU Directives

Data Protection Act 1988 and the Data Protection (Amendment) Act 2003
• What is data protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection Acts 1988 and 2003 confer rights on individuals as well as responsibilities on those persons processing personal data.

Data Protection Act 1988 and the Data Protection (Amendment) Act 2003
• Protects privacy rights of individuals
• Legal right of access to personal records (only) held on computer or on manual relevant filing systems
• Applies to all organisations - private and public (FOI - public sector only)

Data Protection record definition
Personal Data
• data relating to a living individual who is or can be identified from the data or from the data in conjunction with other information that is in, or is likely to come into the possession of the data controller

What is a “relevant filing system”?
• any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically … the set is structured, either by reference to individuals or … to criteria relating to individuals in such a way that specific information relating to a particular individual is readily accessible

What is “sensitive personal data”?
• Racial or ethnic origin, political opinions, religious or philosophical beliefs
• Trade union membership status
• Physical or mental health or condition or sexual life
• Commission or alleged commission of offence

Eight Rules of Data Protection for Data Controllers
• Obtain and process information fairly
• Keep it only for one or more specified, explicit and lawful purposes
• Use it and disclose it only in ways compatible with these purposes
• Keep it safe and secure
• Keep it accurate, complete and up to date

Eight Rules of Data Protection
• Ensure that it is adequate, relevant and not excessive
• Retain it for no longer than is necessary for the purpose or purposes
• Give a copy of his/her personal data to that individual on request
• www.dataprivacy.ie

Exempt/Protected records
• Information about other people
• Information received in confidence
• Prejudicial to investigations, prosecutions
• Legally privileged information
• Prejudicial to security of State, prisons, international relations
• Health and Social work records without agreement of Health/Social work Professional

FOI and Data Protection: differences
• Different definitions of “personal information”
• DP Act: no provisions for access to records of children, incapacitated or deceased
• DP Act: 40 days for reply (FOI: 28 days)
• Different exemptions in both Acts
• Different rights of review
• FOI Public sector only - Data Protection Public and Private

Risks/Challenges FOI and DP
• Security of Data
• Security Breaches
• Client/customer care versus legal obligations
• Up to date and accurate records
• Control of records

Risks/Challenges FOI and DP
• Ensuring compliance with the law
• Audits by FOI and DP Commissioners
• Limited resources

Responsibilities
• Laptops
• Mobile devices
• Safeguarding personal data
• Physical security
• Technical security

FOI Management/Compliance
• Publications: information leaflets, booklets, website (Legal obligation to promote FOI)
• FOI access procedures and routine access procedures
• Student/Staff awareness and training
• Records management

Data Protection Management/Compliance
• Data Protection Policy
• Privacy statement
• Staff guidelines
• DP access structures and procedures
• Consent of data subjects
• Staff training

Contact
Ann McKeon
Freedom of Information Officer
Humanity House
Maynooth University
Tel: 01 7086184
Email: ann.mckeon@nuim.ie
Website: https://www.maynoothuniversity.ie/freedom-information