MANCHESTER SPECIFIC INFORMATION
The Data Protection Act 1998 specifies the duties of local authorities and other agencies in relation to holding, storing and processing of the personal data of living individuals (referred to within the Act as data subjects). Such information will either be held on IT databases or in hard copy.
The Act terms people the local authority holds information about as ‘data subjects’.
The Act terms bodies, such as the local authority, who control the manner and the purpose of personal data processing ‘data controllers’.
The Act gives data subjects the right to see a copy of their personal information held by the local authority and other agencies, including facts and opinions expressed about them as well as images and handwritten notes.
In most circumstances it is only the data subjects who are entitled to receive the information held about them by the local authority. The information provided to them by the local authority must be redacted to ensure they only receive information relating to them, and not to anyone else.
If a solicitor makes a request on behalf of a client to access their case records, the solicitor must obtain written consent from the adult which allows the solicitor to receive the information. This consent must be sent to the local authority as part of the application.
Although there are no specific provisions in the Data Protection Act regarding access of records in relation to people who lack capacity, the Mental Capacity Act 2005 enables a third party to exercise subject access rights on behalf of such an adult. It is reasonable to assume, therefore that an attorney with authority to manage the property and affairs of an adult will have the appropriate authority. The same applies to a person appointed by the Court of Protection to make decisions about such matters.
The data subjects are allowed to receive all non-exempt information (see 3.1 Exempt Information) held about them by the local authority. People making such requests should be asked what information they specifically want to see. This will reduce the likelihood of a request being denied due to the inclusion of exempt information.
In some circumstances it may not be possible to allow people to access to some or all of the information in their records, for example if it mentions another person (see 3.2 Third Party Information below), if giving them the information may cause them harm, or if it is needed for the prevention or detection of a crime. The person should usually be told the reason why it is not possible for them to access their records.
Please not that correspondence between local authority departments and its legal services department is privileged and therefore also exempt from disclosure.
Responding to a request may involve providing information relating to another individual who can be identified from that information. This is third party information. In most cases, the local authority will need to redact this information or obtain written consent of that third party before disclosing the information to the data subject.
Requests for access to information are called ‘Subject Access Requests (SARs)’. These must be made in writing.
The local authority has 40 calendar days to respond to a written request. This allows time for personal information to be collated from all involved departments within the local authority, analysed to ensure it does not contain exempt information and for decisions to be made about whether any information is exempt.
– End –