Johnson v MDU: Further guidance from the courts on data protection - Eversheds - Legal Practice

Johnson v MDU: Further guidance from the courts on data protection
LegalDay - News and Links for UK Law

Johnson v MDU - Further guidance from the courts on data protection - Act 1998

LegalDay Home Cases CurrentIssues LegalPractice Jobs News SiteMap Search+

Contact Privacy Advertise Use Our Content Visitor List Publish on LegalDay Work for LegalDay

Click Here for the Latest Legal News

14 May 2004

Eversheds

http://www.eversheds.com

Johnson v MDU: Further guidance from the courts on data protection

This case further clarifies the definition of personal data but also further restricts an individual's right to see information which may refer to him. It must clearly focus on him and must be easily accessible to the data controller. However, the court has widened the circumstances where an individual can require a data controller to disclose personal data where that data refers to third parties.

Under the Data Protection Act 1998, personal data may be disclosed to the individual to whom it relates (the data subject) when that individual makes a request for it from the body using that information (the data controller). The request for the information is known as a "subject access request". This recent case applies the Durant case (which has been the subject of a previous e80) in considering whether information held by the Medical Defence Union (MDU) was "personal data" relating to one of its former members. Interestingly, this case is the first since the guidance in the Durant case was produced.

The court said that information that was at one time held in an electronic format, but no longer is, does not automatically have to be disclosed to a data subject following a subject access request. A data controller can only be required to search through data which it has at the time the request comes in. In addition, the court said that a data controller's employees must be able to identify relevant data at the outset with reasonable certainty and speed and without having to make a manual search.

The court next followed the Durant case, in that it is only information which focuses on the data subject and affects his privacy which can be classed as personal data and therefore which may be disclosed. The court also said that if what is sought is not personal data, then neither the data nor the source or addressees of it are discloseable.

The Durant case set out that the Act creates a presumption that information about a third party can only be disclosed to a data subject with the consent of that third party. However, this case sets out that information identifying a third party can be disclosed without his consent, where it is necessarily part of the personal data requested and where the data controller considers it reasonable to do so in all the circumstances, having considered all the facts of the case.

Finally, under section 7(1)(c)(ii) of the Act, an individual may be entitled to information which the data controller has about the source of the individual's personal data. The court said that the definition of "sources" in section 7 of the Act is quite narrow and does not include every hand through which data may have passed (such as secretarial staff or a postman).

Pawan Pandit
Assistant Solicitor
For Eversheds LLP
Direct Dial - +44 (0) 191 241 6162
Fax - +44 (0) 191 241 6499
E-mail - pawanpandit@eversheds.com
www.eversheds.com

--------------------------------------------------
You can find out more about Eversheds e80 and search the Eversheds e80 archive at www.eversheds80.com
---------------------------------------------------
Find out more about protecting your reputation online with Eversheds Brandcomplete at http://www.eversheds.com/brandcomplete/home.asp
--------------------------------------------------
e80 is provided for information purposes only and should not be regarded as a substitute for taking legal advice
------------------------------------------------
This service is provided by Eversheds LLP - for the terms of service see your welcome message and www.eversheds80.com.
Eversheds LLP is a limited liability partnership, registered in England and Wales, registered number OC304065, registered office Senator House, 85 Queen Victoria Street, London EC4V 4JL. Regulated by the Law Society. A list of the members' names and their professional qualifications is available for inspection at the above office. For a full list of our offices please visit www.eversheds.com
----------------------------------------------------
www.eversheds.com

Legal Day Table

Jobs Now

LEGAL DIRECTOR
Sought for challenging in-house position with Myspace, the online space which has revolutionized the way people interact, as sole attorney in their London office
More >>

HEALTHCARE LAWYER
With at least 5 years PQE sought by Capsticks, a leading healthcare practice, to drive forward the development of their Birmigham based office
More >>

PI PARALEGAL
Required by Plexus Law, a specialist PI firm, to provide in-house support to the Motor Claims Department in their Folkstone offices
More >>

NETWORK ENGINEER
Sought by Personnel 2000 for their client, an international banking insurance provider, based in the Cayman Islands
More >>

LEGAL SECRETARY
Required by Law Choice for their client, a prestigious US law firm, to work for 2 partners in their Dubai offices
More >>

Legalday Related Pages

Privacy Links

Contact

Eversheds
http://www.eversheds.com

More Commentaries From
Eversheds

Patenting software and business methods - Third update
22 June 2007

Fake Blogging - False Representation - Unfair Business Practices
18 June 2007

Hacked off to the US
08 May 2007

More Commentaries from
Eversheds

Author/Firm Profile
Eversheds