Reconciling data protection


Drawing on the work of Richard O. Mason, regarding the four ethical issues of the information age, O'Brien (2006) suggests that there are many instances of PAPA (Privacy, Access, Property and Accuracy) found in online teaching practice. The issue of information and privacy remains in relation to the information age a highly debatable issue. For Pollack and Hartzel (2006), one has had to routinely deal with issues such as 'privacy, digital security, identity theft, spyware, phishing, Internet pornography and spam' (Pollack and Hartzel, 2006, p. 172). Ethical issues in the information age have led to professional organisations like the Association for Computing Machinery (ACM) issuing their own Code of Ethical Conduct (Gray, 2006). Haag (2006) argues that it is imperative that professionals of information technology are provided with a sense of awareness of the pressing issues of ethics in ICT. Awareness of the ethical issues is likely to assist custodian of the information in public organisations to make decisions about individual information much more judiciously.

Two Acts of the legislature dealing with information are the Data Protection Act 1998 and the Freedom of Information Act 2000. While the Data Protection Act 1998 deals with the collection of information following a certain set of guidelines, the Freedom of Information Act 2000 is intended to act as a means of public authorities approaching openness and managing records (Forrester, 2003). Given the fact that one Act is about collecting and the other is about openness with information, how do provisions of the Acts ensure that privacy of individual is protected?

Objectives and Questions for the Research

The aims and objectives of this research are to investigate how individual as well as group privacy is protected under the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000. In discussing privacy as one of the four ethical issues of the information age, Mason (1986) as several questions including the following: What information is necessary to be disclosed about oneself and what information is necessary to be kept away from others? Mason (1986) suggests that two main factors are threats to out privacy and these include the expansion of the information technology and its surveillance, storage and other capabilities; as well as the inevitable value of information in the process of decision-making as well as policy formation. Given the fact that decision making and policy formation as well as logging onto a computer on the internet of sending an email is likely to produce the effect of the Data Protection Act 1998 and the Freedom of Information Act 2000, answering the following research questions is likely to give some insight into how to different Acts of the Legislature, one for safeguarding information or data and one about openness with data serve to protect one's privacy:

  1. Are there weaknesses in the Data Protection and Freedom of Information Acts?
  2. How do these laws protect one's privacy?
  3. How can one act to protect one's own privacy under the provisions of the Acts?
  4. Are provisions of the law in conflict with each other?

A Brief Literature Review of Data Protection and Freedom of Information Acts

According to Bainbridge (2005), the Data Protection Act 1998 makes a good provision for the protection of individual's privacy; however, the size and complexity of the legislation pose difficulties for its interpretations. Similar criticism of the Freedom of Information Act 2000 is suggested by Cornford (2001) regarding the ambiguity of some of its provisions as well as whether the Act creates an undeniable right of access to information in some instances and then complete limitations in many others. It would be interesting to read what the research questions reveal about these Acts.

The United Kingdom's data protection law was contained in its original Data Protection Act of 1984 (Waugh, 1998) when it was replaced by the European directive in 1995. Waugh (1998) argues that the Act of 1984 had its origin in article 8 of the European Rights Convention, which gives individuals a right to respect to their private lives. The U K Data Protection Act 1984 as well as the 1998 Act require the registration data users with the Data Protection Registrar providing information or the data they would like to keep, the processes which will be applied to it, and the usage of the data. Once registered, the data user is required to ensure that they comply with the basics of the act. The following are combinations of the provisions of the Data Protection Act 1984 and the European Directive 1995 to form the principles of the Data Protection Act 1998:

  1. Collected and processed, fairly and within the law
  2. Kept only for lawful reasons in accordance with its original collection purpose
  3. Utilised only for reasons for which it was collected
  4. Disclosed where required only to those with rights of access
  5. Sufficient and relevant and not more than what is need by the data user
  6. Not distorted and up to date
  7. Kept only for a period required for the reason stated by the date user
  8. Individual is able to access their information
  9. Security of information from illegal access and use

One of the most important areas emphasised by the Data Protection Act 1998 provides individual with essential rights that include the right to access what personal information is held on information technology as well as most other records. If at some point an individual or an organisation believes that they're not being given adequate or any access to their personal information, they have the right to, or they feel their information has not been handled according to the principles listed above, they can contact the information Commissioner's Office for help. Complaints taken to the Information Commissioner's Office are usually handled informally, however, if the informal nature is not possible, enforcement action can be taken to redress the complaint (ICO, 2009).

It can be seen that in theory the Data Protection Act 1998 provides adequate safety in relation to people's right to the safety and security of their collected personal data. However, the real world is not like the theoretical world out there. This may be a question answer during the course of doing this research especially when considering the weaknesses of the provision of the Data Protection Act 1998.

A 2002 research report identified the U K as having one of the worst records in the developed world for protecting the privacy of its citizens. The survey in 50 countries was carried out by Privacy International and the US-based Electronic Privacy Information Centre and it singled out the UK for criticism over a series of law enforcement measures which the authors say have undermined civil liberties, especially since the September 11 terror attacks on the USA (Millar, 2002). The contradiction is that according to the report, there is strong public recognition and defence of privacy on the one hand, but on the other hand crime and other public order laws passed in recent years have placed substantial limitations on numerous right of silence, and freedom of speech.

The Freedom of Information Act 2000 on the other hand has begins with access rights. This provision of the Act asserts that requests made for disclosure of information will be made in writing stating the name and address of the person seeking the information. The correspondence will also describe the information requested (Forrester, 2003). The identity of the person seeking the information is of no concern to the authority unless the request is a contentious one. Also not of concern to the authority unless the request is contentious is nationality and status of residency (Forrester, 2003). Authorities dealing with a request under the provisions of the Freedom of Information Act 2000 are also obliged to provide information in the necessary format such as hardcopy (ICO, 2008).

In addition to right of access, the Freedom of Information Act 2000 provides for two major exemptions. These are referred to as absolute exemptions and qualified exemptions. The main thrust of this part of the Act is that it according Forrester (2003, p. 3) 'relates issues such as national security, law enforcement, commercial interests and data protection. Information that is available in another form to the person making the request will not also be provided under the provision of the Freedom of Information Act 2000. Whether an ordinary person seeking to obtain information held about them or their group know what constitutes the exemptions whether it is qualified or absolute.

Additionally, provisions of the Freedom of Information Act 2000 for the denial of request and the charging of fees for information or data provided are enshrined within the Act. Refusal of request for information under the Freedom of Information Act 2000 can be refused on different grounds; however, this must be done within twenty working days and the reason whether it is an exemption provision or any other should be clearly explained to the individual (Forrester, 2003). The Freedom of Information Act 2000 also confers on the public body the responsibility of managing of records within the provisions of the various Record Acts. Additionally, the provisions of the Act require public bodies to have a publication scheme approve by the Information Commissioner.

Given the continuous changes in information technology and the consequences for data protection, the Information Commissioner Office has set a target of making sure that good practice exceeds the limit of simply meeting the requirements of the United Kingdom law but it leads to consistency within the law as well as with the EU Data Protection Directive. Given also the fact that changing nature of information and communication technology may not necessarily sit well with the current Data Protection Act 1998, the Information Commissioner Office position is that the outcome it is seeking are a ultimate maximisation of data protection - the risk of stolen data harm through improper use of personal information given that most transactions are now done via. The main risk as suggested by ICO (2009) is the risk that individuals or groups may suffer harm because personal information about them is inaccurate, insufficient, inadequate or out of date, excessive or irrelevant.

Mason (1986) showed how a couple suffered immense difficulties because a bank clerk got information about the mortgage wrong. Furthermore, such individual risk could include one's personal data being passed onto other people who are legitimately entitle to such information but uses it maliciously. Individual harm can come in varying forms including tangible and quantifiable, as well as those of job loss, damage to personal relationships and social standing that arises from disclosure of personal information to others (ICO, 2009). Given the discussions of the two Acts above how does one answer the research question?

Method for this Research

Easterby-Smith et al (2004), seeking to clarify the usefulness of understanding the philosophical issues in research, provides three main reasons as follows: assisting in the research design including consideration of what evidence is required and how it should be gathered and interpreted; recognition of the design that will work and the ones will not work, and possibly identifying and creating research design outside of the researcher's previous experience. It may also lead to the adaptation of "research designs according to the constraints of different subject or knowledge structures" (Easterby et al, 2004, p27). This concurs with Morrison (2002) arguement that methodology is more than just methods and techniques or tools for research. Morrison suggests that "methodological concerns are implicated at every stage of the research process" (Morrison, 2004, p. 11). To present it in different words, research methodology should underpin the research design as well as the data collection and analysis techniques.

Methodological challenges are common science research as well research as a whole. The decision to use the qualitative or quantitative methodology is rooted in the philosophy that lies within the research. Some authors link the positivist paradigm with quantitative methodology and the qualitative or interpretative methodology with the social constructionism or phenomenological paradigm. Hussey and Hussey on the other hand suggest that these words should be used with care 'because it is possible for a positivistic paradigm to produce qualitative data and vice versa (Hussey and Hussey, 1997, p. 55). Briggs and Coleman (2002) agree with Hussey and Hussey by indicating that eventhough research approaches might be quantitative or qualitative, research methodologies can be survey, action research or case study research. While survey research mostly offers a positivistic methodology where a sample of research subjects is drawn from a population and studied to make inferences about the population, action research and case studies are both phenomenological methodologies (Hussey and Hussey, 1997).

In discussing the interpretative research methods in computer science, Berntsen et al (2004) argue that research is interpretative if one's knowledge of reality is obtained through social constructions including language, shared means, artefacts and documents. Greenbank et al (2009) indicated the use of documentary analysis for research. This agrees with Demeyer (2010) assertion that research into issues in computer science can take methods such as simulation, comparative study, pilot case or case study, feasibility study and literature survey or documentary analysis. In this research, various documents including the Data Protection Acts 1998 and the Freedom of Information Act 2000 will be analysed for the research questions listed above. A categorisation matrix reflecting the questions as well as other documents associated with the topic will be examined.


The Data Protection Act 1998 and the Freedom of Information Act 2000 provide a measure of how information about an individual or a group should be collected, stored and released when needed. Given the fact that privacy is one of the four main ethical issues of the information age, the challenge is to determine whether the two Acts are reconcilable. This research will use documentary analysis to answer the questions above.


  1. O'Brien, P. (2006) The Four Ethical Issues of Online Learning: A Participatory Workshop, Technology and Citizenship, University College of the Fraser Valley, British Columbia
  2. Pollack, T. A. and Hartzel, K. S. (2006) "Ethical Issues for the Information Systems Professional", Proceedings of the 2006 ASCUE Conference, June 11 - 15 2006, South Carolina
  3. Greenbank, P., Penketh, C. Schofield, M. and Turjansky, T. (2009) "The Undergraduate Dissertation:'Most likely you go your way and I'll go mine", International Journal for Quality and Standard, pp. 1 - 24
  4. Forrester, R. (2003) Freedom of Information Act 2000: Overview Summary, Office of Information Commissioner
  5. Cornford, T. (2001) "The Freedom of Information Act 2000: Genuine or Sham?", Web Journal of Legal Issues, Volume 3
  6. Bainbridge, D. "Introduction to Computer Law - Fifth Edition",, Pearson Education Ltd, London
  7. ICO (2009a) Data Protection - Protecting People: A Data Protection Strategy for the Information Commissioner's Office, London: Information Commissioner's Office
  8. Waugh, K. (1998) "Time to Get Personal", The Computer Bulletin, January 1998, British Computer Society
  9. Easterby-Smith, M., Thorpe, R., and Lowe, A. (1991), Management Research: An Introduction, London: Sage
  10. Morrison, M (2002) 'What Do We Mean by Educational Research?', in Briggs, A.R. J. and Coleman, M. (eds.) Research Methods in Educational Leadership and Management
  11. Berntsen, K. Sampson, J. and Osterlie, T. (2004) Interpretive Research Methods in Computer Science, Norwegian University of Science and Technology, Trondheim
  12. Mason, R. O. (1986) "Four Ethical Issues of the Information Age", Management Information Systems Quarterly, Vol. 10, No. , pp. 5 - 12
  13. Dermeyer, S. (2010) Research Methods in Computer Science, University of Antwerp, Belgium

Please be aware that the free essay that you were just reading was not written by us. This essay, and all of the others available to view on the website, were provided to us by students in exchange for services that we offer. This relationship helps our students to get an even better deal while also contributing to the biggest free essay resource in the UK!