ICO consultation - Privacy Impact Assessment - data protection register
ICO consultation - Privacy Impact Assessment - data protection register "The ICO is required by law to make the register available for inspection and does this via the ICO website. We are currently exploring the possibility of making the register available to be downloaded in its entirety, in a reusable format.
There will be a number of potential benefits from making this data available. For example, opening the data up will allow others to combine, analyse and gain new insights from it. The principles of open data have also been recently set out in the Protection of Freedoms Bill.
However, a number of entries on the register relate to individuals, such as sole traders, and there are therefore data protection considerations. For example, is it fair that data collected for a statutory purpose is made available in a form that could make it more widely available and usable?
We want your views on what the impact on individuals would be if the register was available to download as a dataset, in a re-usable format, in its entirety."
whatdotheyknow.com final response
sent to: [email protected] - Thu, Mar 31, 2011 at 6:24 AM
Response of the WhatDoTheyKnow.com volunteers to the ICO consultation re data protection register
We would support the register of data controllers being made available as an easily reusable dataset. The register is public and can already be accessed online anywhere in the world and so there are no significant privacy issues associated with publishing the register in a more accessible format. It is true that the register includes individuals such as sole traders however the information is about these individuals in a business capacity or other official capacity as oppose to information related to activities carried out in a personal capacity.
One of the strengths of the Freedom of Information Act 2000 is that it gives people the right to request data in a preferred format and requires public authorities including the ICO to give effect to that preference where it is reasonably practical to do so. Unfortunately, if information has already been made available in one format requests for the same information in an alternative format are often refused using the Section 21 exemption ("Information accessible to applicant by other means"). Our view is that the law should be changed so that the Section 21 exemption would not apply where the data is not available to the public in the preferred format and it is reasonably practical for the public authority to provide the data in the preferred format. If the law was changed in this way the ICO would have to release the Register in a readily reusable format on request.
The database includes information about whether or not a data controller believes it is subject to the Freedom of Information Act 2000 or the Freedom of Information (Scotland) Act 2002. In many cases it is easy to establish whether or not an organisation is subject to FOI but in other cases it can be more complex e.g. publicly owned companies. A list of public authorities subject to FOI would be useful for WhatDoTheyKnow.com and others interested in the coverage of Freedom of Information legislation. Unfortunately, at present the database makes no distinction between public bodies subject to FOI in respect of all the information they hold and individuals/organisations only subject to FOI in respect of very specific functions. In practice, this means that the list of pubic authorities is 'cluttered' with pharmacists, dentist, opticians and others who are only subject to FOI to a limited extent. It would be helpful for our purposes if we could easily differentiate between these, this would require the ICO collecting more data from data controllers who are subject to FOI either on notification or subsequently.
 ICO response to an FOI request 22 February 2010 - Case Reference Number IRQ0293607 (http://www.whatdotheyknow.com/request/28178/response/71975/attach/2/IRQ0293607.txt.txt) regards,
John Cross WhatDoTheyKnow.com volunteer