(7 years, 9 months ago)
Lords ChamberMy Lords, I will just pick up the noble Baroness’s last point about who is an official. There are examples, in other legislation, of references to “senior officials” and “designated officials”, which might be somewhere between the junior official she has in mind and the Permanent Secretary, but she is right to draw the issue to the Committee’s attention.
On an earlier group, the noble and learned Lord indicated that he was going to speak at greater length—I assume that may be on this group—on the reason for using the term “personal information” rather than “data”. Perhaps I may use my noble friend’s Amendment 213 to ensure that we get to share more of Government’s thinking. I understand the point about corporations, since in the one case, they come within the group covered, and in the other they do not. But I am still puzzled as to why such efforts have had to be made to deal with personal information and then to add in references to the Data Protection Act, rather than starting from the DPA—with any necessary exclusions—which would have taken us straight to the involvement of the Information Commissioner, the data protection principles and so on.
I wondered during the Statement whether to have a go at some alternative drafting for Report, but thought I had better wait for this discussion. But perhaps part of it boils down to a question on Clause 33(8), which says, in wording replicated elsewhere, that,
“nothing in section 30, 31 or 32 authorises … a disclosure which … contravenes the Data Protection Act”.
To look at it from the other end of that telescope, is there any personal information which is the subject of the Bill that would not fall within the DPA and therefore not be protected by that clause?
My Lords, I thought I would intervene to see if it might help the Minister. The code of practice does not make things any clearer. With reference to my noble friend’s very apt point about information versus data, paragraph 4 of the code says:
“The definitions of ‘personal information’ contained in the Bill are intended to ensure that the information shared through these powers is handled carefully”.
That does not sound like a particularly good legal answer to the question. It goes on:
“Though the definition of ‘personal information’ for the purposes of the Bill may differ from the definition of ‘personal data’ in the DPA, all information shared and used under the public service delivery, debt and fraud provisions must be handled in accordance with the framework of rules set out in the DPA”.
Where is that explicitly set out? It would be very helpful if the Minister, in answering, could advert to that as well.