What is Personal Data?
According to the Data Protection Act, "personal data" is defined as:
"Data which relates to a living individual who can be identified...
- from those data, or
- from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
...and includes any expression of opinion about the individual and any intentions of the data controller or any other person in respect of the individual."
The above definition was re-evaluated by the UK Court of Appeal during the Durant V FSA case in 2003. The court ruled that personal data is only information that relates to a person's privacy. The information must be biographical in a significant sense, going beyond the recording of involvement in a matter or an event which has no personal connotations. The individual should be the focus of the information rather than some other person or event. The University will apply this definition when processing Subject Access Requests, which the previous definition will be used for all other aspects of Data Protection within the University.
What types of records are covered under the Data Protection Act?
The types of records covered under the Data Protection Act include:
- All computerised data.
- All structured manual (paper) files. These are records that are held in a Relevant Filing System, where records are arranged by names of the data subject.
- Unstructured manual files can also apply, but only if the data subject knows that the information exists and knows where the information can be located.