I have just recieved the following e mail from liberty re De Poel.
Dear…
Thank you for your query received on 22 February 2005. First, please let me apologise for the long delay in responding to your query. Our Advice and Information section receives an enormous number of queries each year and we have limited resources with which to deal with them. We are currently implementing strategies to improve the quality of our service. In the meantime, I am truly sorry for any inconvenience caused and I thank you for your patience.
I understand that you are concerned about a database which has been set up by a company called De Poel which contains personal information and details of HGV drivers. You are wanting some advice about your rights.
Accessing Personal Data
The Data Protection Act 1998 (DPA) provides a general right of access to personal information - data - about you held by public authorities and private bodies, whether in electronic or paper form. With some exceptions, you are entitled to see the data held about your personally and there are certain principles that the data controller (the person who is holding the data) must adhere to.
If you want to see the data that is being held about you, you should make a written request to the data controller. Explain that you are applying under Section 7(1) of the DPA. Sending your request by recorded delivery will help avoid any later dispute about whether it was received.
The data controller must normally give access within 40 days of receiving your request and any supplementary details needed. A fee may be charged for providing the data. At the time of writing the maximum fee is £10. The data controller must supply the information in permanent form. This normally means a printout or a photocopy, but could also include copies of microfiches, computer disks or audio/video cassettes. The data controller can refuse to supply a permanent copy of the data if this is not possible or would involve disproportionate effort. You are still entitled to inspect the information.
Please note that there are certain exemptions to this right to access any information held about you. If your data cannot be disclosed without simultaneously releasing data which concerns another person, then it will not be disclosed to you without the other person’s consent, unless it is reasonable in all the circumstances to comply with your request, taking into account how hard the data controller has tried to obtain that person’s consent, whether that person is capable of giving their consent and any duty of confidentiality owed to that individual.
If it is the interests of national security not to disclose the information you require, it need not be disclosed. However, there is the opportunity to appeal to a Tribunal if you are adversely affected by this.
If the information may be used for the prevention of crime, the apprehension of offenders or to assist the collection of taxation, then it need not be disclosed on request.
Data Protection Principles
A data controller can only use information about you in accordance with principles laid out in the Data Protection Act 1998 (DPA). Amongst other things, these require that the information must be collected and used responsibly, fairly and lawfully, that the information must be accurate and adequate, kept secure and that it must not be held for longer than is necessary for the purposes for which it is held. These purposes will be specified in the data controller’s data protection register entry. In general, your consent is required in order to process information about you, however processing is also permitted under several categories, in particular where the processing is necessary to pursue the legitimate interests of the data controller or third parties, unless it could prejudice the interests of the data subject.
If the data processors fail to comply with any of the above principles, then they will be acting in breach of the DPA and you will be able to take action to force them to comply. The first step would be to write to the data controller demanding compliance under the Data Protection Act 1998. You should also take this step if you do not receive a satisfactory response from any request to see data held about you personally. If you do not like the data controller’s response, you should contact the Information Commissioner at informationcommissioner.gov.uk/. They have a telephone helpline which is 01625 545 745, or they can be contacted by post at:
FOI Compliance Team (complaints)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
You are entitled to request the Information Commissioner to carry out an assessment to decide whether the processing is likely to have been carried out in compliance with the requirements of the DPA. Such an assessment might assist you in deciding whether to take any legal action.
Employer’s References
I understand that the information contained in the database may relate to your employment history. Usually an employee has no right to see a reference given by his/her employer, however there is no reason why a new employer should not supply a copy of the reference. There are also some limits as to what an employer can say about an employee. The employer must not maliciously make false statements or negligently make a wrong statement. The courts have ruled that an employer giving a reference about an employee owes her/him a duty of care. This means that the employer could be sued for negligence if the reference contains inaccuracies which result in the employee suffering a loss. It might also be possible to sue for defamation.
If you wish to pursue this type of legal action, you should consult a solicitor. You can obtain details of solicitors in your area and their areas of expertise from the Community Legal Services helpline on 0845 608 1122.
Human Rights Act 1988
The main articles of the European Convention on Human Rights were incorporated into domestic law by the Human Rights Act 1998. Article 8 guarantees that everyone has the right to respect for his/her private and family life, home and correspondence. This right could be engaged if your employer is collecting personal information about you. However, the Human Rights Act 1998 only applies as against ‘public authorities’ which means that you cannot demand compliance from a private company. If De Poel is a private company (as opposed to an entity that is performing a public function), you would not be able to rely on the Human Rights Act 1998 directly to bring a claim. Also, you should note that Article 8 is not absolute. The right is qualified, meaning that it can be interfered with where such interference is necessary in a democratic society, for a legitimate aim and proportionate.
I hope that this information is of assistance. Thank you for contacting Liberty. Once again, please accept my apologies for the delay.
Yours sincerely,
Nicole Chrolavicius
Advice and Information Officer
Liberty
21 Tabard Street
London SE1 4LA