Search Legislation

Coroners and Justice Act 2009

Section 173: Assessment notices

736.Section 173 inserts new sections 41A, 41B and 41C into the 1998 Act. New section 41A(1) enables the Information Commissioner to carry out an assessment to determine whether a data controller has complied or is complying with the data protection principles. The Information Commissioner is not required to seek the consent of the data controller to undertake this assessment. Under this subsection, the Information Commissioner will be able to issue an assessment notice, which will require the subject of the notice to take certain action as set out in section 41A(3).

737.New section 41A(2) provides that the data controllers that may be served with an assessment notice are government departments, public authorities designated for the purposes of section 41A by an order made by the Secretary of State and other persons of a description so designated.

738.New section 41A(3) lists the requirements that may be included in an assessment notice. These include permitting the Commissioner to enter any specified premises and observe the processing of any personal data that takes place on the premises. The recipient of an assessment notice may be required to direct the Commissioner to any documents, equipment or other material on the premises that are of a specified description and to assist the Commissioner to view any information of a specified description that is capable of being viewed using equipment on the premises. The recipient of the notice may be required to permit the Commissioner to inspect or examine any of the documents, information, equipment or material to which the Commissioner is directed or which the Commissioner is assisted to view. The recipient may also be required to comply with any request from the Commissioner for a copy of any of the documents to which the Commissioner is directed and a copy (in a form requested by the Commissioner) of any of the information which the Commissioner is assisted to view. Finally, the notice may require the recipient to make available for interview by the Commissioner persons who process personal data on behalf of the data controller (and are willing to be interviewed).

739.New section 41A(5) sets out that the assessment notice must specify either the time when, or the period within which, the requirements of the notice must be complied with.

740.New section 41A(6) sets out that assessment notices must contain particulars of the rights of appeal conferred by section 48 of the 1998 Act.

741.New section 41A(7) provides that the Commissioner may cancel an assessment notice. This is to be done by giving a written notice to the data controller on whom the assessment notice was served.

742.New sections 41A(8) and 41A(11) oblige the Secretary of State to consider, at least every five years, whether it is still appropriate for a public authority, and necessary for a description of data controller, to be designated by order and, therefore, be subject to assessment notices.

743.New section 41A(9) provides that the Secretary of State must not designate a description of data controller as liable for assessment notices without a recommendation from the Information Commissioner. It also provides that before making an order to designate a description of data controller, the Secretary of State must consult such persons as appear to the Secretary of State to represent the interests of persons of the description to be designated and such other persons as the Secretary of State considers appropriate.

744.New section 41A(10) sets out the test that must be applied by the Information Commissioner when deciding whether to make a recommendation, and the Secretary of State when deciding whether to make an order to designate a description of data controller. They must be satisfied that designation is necessary having regard to the nature and quantity of data under the control of such persons, and any damage or distress which may be caused by a contravention by such persons of the data protection principles.

745.New section 41A(12) provides two definitions. It provides a definition of “public authority”, for the purpose of the order-making power in section 41A(2)(b), as any body, office-holder or other person in respect of which an order may be made under section 4 or 5 of the Freedom of Information Act 2000 or under section 4 or 5 of the Freedom of Information (Scotland) Act 2002. This adds to and expands the definition of public authority in section 1(1) of the 1998 Act, which provides that public authority means a public authority as defined by the Freedom of Information Act 2000 or a Scottish public authority as defined by the Freedom of Information (Scotland) Act 2002.

746.Section 41B(1) provides that the time or period given for compliance with an assessment notice must allow time for an appeal to be brought under section 48 of the 1998 Act. The result of this is that the need to comply with an assessment notice will be suspended if an appeal is brought.

747.New section 41B(2) establishes an exception to section 41B(1) by virtue of which, if there are special circumstances, the Commissioner can ask the data controller to comply with a requirement in an assessment notice as a matter of urgency. In this case the notice can take effect after seven days, beginning with the day on which the assessment noticed is served. The assessment notice in this case will need to include a statement that the Commissioner considers that the notice must be complied with as a matter of urgency and the Commissioner’s reasons for that conclusion.

748.New section 41B(3) ensures protection for material benefiting from legal professional privilege. An assessment notice does not have effect in relation to material that meets one of the tests set out in this subsection.

749.New section 41B(5) provides a number of exclusions from the powers to give assessment notices. They do not apply to a judge, which is defined in section 41C(6) as including a justice of the peace (or, in Northen Ireland, a lay magistrate), a member of a tribunal, and a clerk or other officer entitled to exercise the jurisdiction of a court or tribunal. In this section, tribunal means any tribunal in which legal proceedings may be brought.

750.Bodies specified in section 23(3) of the Freedom of Information Act 2000 are also excluded under section 41A(5). Those bodies are:

  • the Security Service,

  • the Secret Intelligence Service,

  • the Government Communications Headquarters,

  • the special forces,

  • the Tribunal established under section 65 of the Regulation of Investigatory Powers Act 2000,

  • the Tribunal established under section 7 of the Interception of Communications Act 1985,

  • the Tribunal established under section 5 of the Security Service Act 1989,

  • the Tribunal established under section 9 of the Intelligence Services Act 1994,

  • the Security Vetting Appeals Panel,

  • the Security Commission,

  • the National Criminal Intelligence Service,

  • the Service Authority for the National Criminal Intelligence Service, and

  • the Serious Organised Crime Agency.

751.Finally, the Office for Standards in Education, Children’s Services and Skills, is excluded from the scope of assessment notices, but only in so far as it is a data controller in respect of information processed for the purposes of functions exercisable by Her Majesty’s Chief Inspector of Education, Children’s Services and Skills by virtue of section 5(1)(a) of the Care Standards Act 2000.

752.New section 41C of the 1998 Act requires the Information Commissioner to produce a code of practice in relation to the exercise of his or her new function of issuing assessment notices. Section 41C(1) requires the Commissioner to produce the code and section 41C(2) provides a non-exhaustive list of the matters that must be covered by the code. Section 41C(3) provides that the code must make provision about access to health information and social care information. Section 41C(4) deals with the content of the report produced by the Commissioner as a result of an assessment notice. Section 41C(5) and (6) provide that the Commissioner may alter or replace the code and that such a replacement or altered code must be issued by the Commissioner. Section 41B(7) provides that any code must be approved by the Secretary of State before being issued. Section 41B(8) requires the Commissioner to publish the code.

Back to top

Options/Help

Print Options

Close

Explanatory Notes

Text created by the government department responsible for the subject matter of the Act to explain what the Act sets out to achieve and to make the Act accessible to readers who are not legally qualified. Explanatory Notes were introduced in 1999 and accompany all Public Acts except Appropriation, Consolidated Fund, Finance and Consolidation Acts.

Close

More Resources

Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as enacted version that was used for the print copy
  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • correction slips
  • links to related legislation and further information resources
Close

Impact Assessments

Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:

  • Why the government is proposing to intervene;
  • The main options the government is considering, and which one is preferred;
  • How and to what extent new policies may impact on them; and,
  • The estimated costs and benefits of proposed measures.