Comparison of the scope and coverage of requests and enquiries for DPA and FoISA
Both the Data Protection Act 1998 [DPA] and the Freedom of Information [Scotland] Act 2002 [FoISA] provide mechanisms for an individual to seek access to information held by the University though the type of information that may be requested under the two Acts varies. Further advice is available from the DP/FoI Office. The table below summarises the basic differences:
| Data Protection Act 1998 | Freedom of Information [Scotland] Act 2002 | |
|---|---|---|
| Coverage | Applies to all organisations | Applies only to Scottish Public Authorities [SPA]- including all Universities |
| Scope | Covers personal data held by the University about a living person | Covers all recorded information held by the SPA |
| Rights | It enables the individual to (a) request access to all Personal Data about themselves tht is held by the University, and (b) ensure that the Personal Data will only be held for specific and valid purposes | It enables every individual the general right of access to any Recorded Information held by the University, but subject to a limited range of exemptions |
| Format | Request has to (a) be in writing to the Data Protection Office using a specific form, (b) include payment of £10 fee, and (c) include evidence of identity | Request has to (a) be in a recorded form (writing/email), (b) need not explicitly mention FoISA, (c) may be received in any part of the Univrsity, and (d) fees may be applicable on a sliding scale or may be waived |
| Who can request? | The individual, or his/her representative, only has the right of access to his/her own Personal Data | Any individual over the age of 12 years can submit an Information Request |
| Deadlines | Within 40 calendar days from receipt of request, confirmation of identity, and payment of £10 fee | Within 20 working days from receipt of request |
Both the DPA and FoISA require consistent and effective information and records management to be in place across the whole University to ensure legislative compliance. The Section 61 Code of Practice: Records Management, a supplement to FoISA issued by the Scottish Executive, explicitly sets out the requirement for information management.
