The recent Queen's Bench Division decision of Mr Justice Eady in Quinton v Peirce and Cooper [2009] EWHC 912 (QB), ostensibly a malicious falsehood action involving a local election in Woodcote, Oxfordshire, turned out to have some important repercussions for the uses to which Data Protection Act protection is deployed in British litigation.

Quinton, the Conservative candidate in local elections, was defeated by the previous incumbent, the Liberal Democrat candidate Peirce. He sued both Peirce and Peirce's election agent Cooper in respect of an election leaflet which, he said, contained factually false statements about him which were published maliciously and infringed two principles in the Data Protection Act 1998: the requirements for fairness and accuracy.

Eady J dismissed the action, concluding that the statements in question were not particularly false and were not made maliciously (malice being a more severe concept than … Continue Reading ››
I have from time to time been struck by the relatively low profile that the legitimacy conditions have in data protection matters; and thought it worthwhile reflecting on why this is so, at least in relation to processing by the State, where legitimacy has a special resonance.

The purposes for which data are processed by the State are generated by contexts which go deep into the social, political and legal framework, purposes which have, as a result, a deep legitimacy, reflected in the conditions – but not an uncontested legitimacy. Even when the conditions are legitimate for the state to process data there may still be interference with rights. A Secretary of State acting unilaterally under prerogative powers could meet a Schedule 2 condition.

In Directive 95/46/EC, Article 6 requires that data should be collected for a legitimate purpose. Article 7 states the … Continue Reading ››
Almost one in five businesses has unwittingly breached the Data Protection Act 1998 (DPA) at least, once according to a survey of "a nationally representative sample of 516 senior decision makers in small and medium businesses" conducted by BSI, the British Standards Institution.  Of these, nearly half admitted to breaching the Act on several occasions, while an additional 18% said they were not sure whether they had or not [in this context, "breach" means "the illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations"].

This survey, which seeks to reflect the way British businesses manage the personal information they hold on staff and customers, including sensitive data such as racial or ethnic origin, trade union membership and criminal … Continue Reading ››
The Practical Law Company has just published the second edition of the online PLC Cross-border Data Protection Handbook 2009/10. According to the publishers.
"The PLC Cross-border Data Protection Handbook contains invaluable, succinct and up to date information on laws, regulations and topics relevant to today's market.
Divided into two sections, the Handbook offers:
* 4 Cross-border chapters: Exploring issues such as compliance policies, data breach notification in the EU and the UK, obtaining documents and disclosure, and cross-border transfers of personal data.
* 12 Country Q&As: Focusing on matters such as current regulations, individual rights, third party processing, international transfer of data and enforcement, the Q&A format allows for easy jurisdiction by jurisdiction comparison". 
If you'd like to view the PLC Cross-border Handbook online, click here. For more information, or to purchase a copy of the … Continue Reading ››