data protect act question(s), help please

ste_bla · 18 Nov 2006 at 11:10

Got two questions, under the data protection act I know you can request any info kept on you by a business and they can charge a small fee.

Q1 - The business I work for dont want me to see my persoanell file and so under the DPA could I request a copy of it or is that excluded?

Q2 - Can you get your Doctors files or is that excluded?

Moredhel · 18 Nov 2006 at 11:25

Yes to both of them, and the most they can charge is £9.99, although that may have gone up since, inflation and all that.

ste_bla · 18 Nov 2006 at 11:27

Any time limits on how long they can take?

starscream · 18 Nov 2006 at 11:29

ste_bla said:
Any time limits on how long they can take?

40 days.

FordPrefect · 18 Nov 2006 at 11:34

Yes you can request to see both of them but in the case of doctors records I believe there is a cut off date before which you cannot see the files its sometime in 1992 if I remember correctly. As stated the max they can charge is 9.99 but its a charge just to cover the costs of collating and sending the information to you.

Geoff · 18 Nov 2006 at 17:56

ste_bla said:
Got two questions, under the data protection act I know you can request any info kept on you by a business and they can charge a small fee.

Q1 - The business I work for dont want me to see my persoanell file and so under the DPA could I request a copy of it or is that excluded?

Yes, you can, and no it isn't excluded.

There are, however, some limitations.

The DPA puts restrictions and duties on any body (except those exempt for one reason or another) to follow a variety of principles, including proper processing, confidentiality and data subject access. It's that last that is important to you, but you need to be aware that your right of access is not universal. For instance, if disclosing certain data to you would infringe someone else's right to data confidentiality. Then, a decision has to be made about exactly what can and can't be released.

Also, the DPA does not put a duty on organisations to retain data indefinitely. In fact, rather the reverse. So they MUST retain some types of data for specified periods (such as to comply with company legislation or the dictats of the Inland Revenue), but beyond that, they're under an obligation only to retain data for as long as is necessary to comply with the purposes for which the data is registered.

In other words, by and large yes, you can force disclosure .... but it's not an absolute right. There are limits.

ste_bla said:
Q2 - Can you get your Doctors files or is that excluded?

No, it's not excluded. In fact, quite the reverse, it is explicitly included. BUT, again, while the broad principle is that you have access, there are also a series of perfectly reasonable and fully understandable exceptions, such as where disclosure would infringe some third party's rights of confidentiality.

Also, in the case of medical records, much of which is still in manual form, the fee can be a lot higher (£50 IIRC).

And there are also medical grounds on which access can be refused, or limited.

But broadly, yes, you have a right of access to your medical records.

Data Protection access rights are, pretty much like any legislation, never absolutely cut and dried. The broad principle is that we all have access to any data held about us .... subject to a sometimes substantial list of ifs, buts, and except-fors. Your final level of access will depend on factors not predictable by anyone that does not have access to the specific data you request.

Van Hellseek · 18 Nov 2006 at 17:57

ste_bla said:
under the data protection act I know you can request any info kept on you by a business

i wonder if this applies to the ocuk forums

Geoff · 18 Nov 2006 at 17:59

FordPrefect said:
Yes you can request to see both of them but in the case of doctors records I believe there is a cut off date before which you cannot see the files its sometime in 1992 if I remember correctly. As stated the max they can charge is 9.99 but its a charge just to cover the costs of collating and sending the information to you.

Nope. £50, if the records are manual. The upside is that since the DPA was amended (1998 IIRC), manual records are not necessarily exempt for data access rights. Previously, they were. However, depending on how the data is kept, it might still not be covered. Anything in a "relevant filing system" is included, but anything outside that is not. So, notes in a formal hand-written patient record would be covered, but scribblings in a GPs diary would not. Probably.

Jotun · 18 Nov 2006 at 18:06

seek said:
i wonder if this applies to the ocuk forums

The forums aren't a business

All the information on the forums is stuff everyone posted themselves anyway.

Van Hellseek · 18 Nov 2006 at 18:07

fair enough then.

Geoff · 18 Nov 2006 at 18:07

seek said:
i wonder if this applies to the ocuk forums

I rather doubt it.

For a start, ste_bla's basic assertion was wrong. It's not "any" information that is covered, but personal data. If a forum account can't identify the individual, there'd be no cover, and even some types of personal data aren't covered, such as staff administration or accounts, or aggregated statistical data.

Oh, and obviously, you'd only have a right to access your own data, even if you did have acess rights.