The recent ransomware attack, affecting the NHS and other corporate organisations across the globe, is a salutary lesson to all of us, individuals, businesses...
Our specialist data protection and freedom of information solicitors can support you and your organisation to ensure compliance with the complex data protection, freedom of information and environmental information legislation.
Whether your organisation is storing, copying or transferring personal data or is faced with requests for confidential information, our experienced team can support your organisation to ensure the correct measures are being taken for compliance with legislation.
The Data Protection Act 1998 (DPA) controls how personal information about individuals is used by organisations, businesses and the government. Those responsible for using data are bound by the DPA to follow the data protection principles, which have been put in place to ensure information is:
- used fairly and lawfully and with a legal ground for processing;
- used for limited, specifically stated purposes;
- used in a way that is adequate, relevant and not excessive;
- kept for no longer than is absolutely necessary;
- handled according to people’s data protection rights;
- kept safe and secure; and
- not transferred outside the European Economic Area without adequate protection for the data-protection rights of individuals.
In instances where the data refers to sensitive information such as ethnic background, political opinions, religious beliefs, health, sexual health and criminal records, there is stronger legal protection.
The Freedom of Information Act 2000 (FOIA) provides public access to information held by public authorities. There are two ways in which it does this:
- Public authorities are obliged to publish certain information about their activities; and
- Members of the public are entitled to request information from public authorities
The FOIA covers all recorded information that is held by a public authority, such as government departments, local authorities, the NHS, schools and police forces, in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002. The Environmental Information Regulations 2004 (EIRs) require public authorities (which may include organisations in the housing sector) to make available on request the environmental information that they hold. The definition of environmental information under the EIR is very broad and includes:
- information on elements of the environment; and
- measures and activities likely to affect the environment.
Our data protection and freedom of information service
At Anthony Collins Solicitors, we work in partnership with you to provide clear, practical advice on all aspects of information law. As a housing-sector client you might handle a wide variety of sensitive and confidential personal data. We work closely with you in order to help you provide effective and pragmatic solutions to data-protection issues, such as subject-access requests and requests for disclosures of staff or tenant personal data under the DPA. We assist with issues that can arise under the FOIA, particularly where entering into contracts with public-sector bodies and with matters relating to the disclosure of information under the Environmental Information Regulations 2004.
We also work with our housing clients to provide training on data protection and freedom of information, which is tailored to the requirements of their organisation and focused on the issues that are likely to arise within the social-housing sector. Our experienced team use their extensive sector and legal knowledge to ensure your organisation operates in accordance with the law relating to data protection, freedom of information and the environmental information regulations including:
- advice on data security, data breaches and reputation management;
- drafting of, and advice in relation to, policy documentation, privacy notices for staff and tenants, data-processing contracts and data sharing protocols;
- advice in relation to requests for disclosure, subject access and applicable exemptions;
- advice in relation to collection and handling of tenant personal data and, particularly, sensitive personal data, and the legal grounds for processing such data under the DPA;
- advice on the direct marketing rules under the DPA and the Privacy and Electronic Communications (EC Directive) Regulations 2003;
- assistance with making requests for information under FOIA and advice in relation to the receipt of information requests under both FOIA and EIRs, including applicable exemptions;
- advice on privacy-affecting technologies such as CCTV;
- advice in relation to DBS checks and conviction information; and
- review of commercial contracts and advice in relation FOIA, EIR and DPA clauses, including implications for outsourcing, cloud computing and international data transfer.
Provisions within the Housing and Planning Act that remove the need for housing associations (“HAs”) to obtain consent from the Regulator to dispose of social housing (as well as to merge or enter new group structures) come into force on 6 April.
Such freedoms will allow HAs greater flexibility over how they use their assets and, potentially, how they structure their businesses. Our expert panel gathered to discuss the possible opportunities the deregulatory measures offer, together with the likely hurdles. Read the outcome of their discussion here.
We have been recognised for the work we do
The General Data Protection Regulations (GDPR) will come into force on 25 May 2018 and bring changes to the rules governing data protection and...
Katie Hopkins, the controversial columnist and former Apprentice candidate, has been ordered to pay £24,000 in damages to food writer, Jack Monroe, following two...
Welcome to this quarter's company secretary update, where we explore the key developments and highlights for company secretaries.
We are proud to announce the release of our 2016 Annual Report.
ICO Publishes Guidance on preparing for the new EU General Data Protection Regulation (GDPR) and launches new dedicated GDPR website.
To receive invitations to our events, as well as information and articles on legal issues and sector developments that are of interest to you, please sign up to Newsroom.