DATA PROTECTION ACT 1998
SUPERVISORY POWERS OF THE INFORMATION COMMISSIONER
DATED 24th SEPTEMBER 2008
The Department for Communities and Local Government
The Department for Communities and Local Government is a “data
controller” as defined in section 1(1) of the Data Protection Act 1998 (the
The Commissioner has considered a request for assessment made under
section 42 of the Act by (name removed). The request for assessment
concerned the failure by the data controller to respond within the prescribed
period of 40 days to a subject access request made in compliance with the
requirements of section 7 of the Act by (name removed) on 18 April 2006.
The Commissioner has considered the issues arising out of the request for
assessment referred to in paragraph 2 above in addition to the
correspondence entered into with the data controller concerning this case.
The Commissioner has considered the data controller’s compliance with
the provisions of the Act in light of this matter.
Section 4(4) of the Act provides that, subject to section 27(1), it is the duty
of a data controller to comply with the data protection principles in relation
to all personal data with respect to which he is the data controller. The
relevant provisions of the Act are the Sixth Data Protection Principle and
The Sixth Data Protection Principle provides, at Part I of Schedule 1 to the
“Personal data shall be processed in accordance with the rights of data
subjects under the Act”.
Paragraph 8(a) of Part II of Schedule 1 to the Act further provides that:
“A person is to be regarded as contravening the sixth principle if, but only if,
he contravenes [amongst other things] section 7 by failing to supply
information in accordance with that section.”
Section 7 of the Act provides, amongst other things, as follows: