'Availability and use of Personal Information in Public Registers'.
The Report sets out the extent to which information about individuals
is made widely available through public registers. It is intended to
be restricted. Public registers include the electoral roll but the
report looks more widely; in particular at financial and business
registers such as the Register of Members (shareholder register).
Professor Charles Oppenheim and Dr J. Eric Davies of the department
of information science at Loughborough University are the authors of
the report. A summary of their findings is attached.
In welcoming the report Elizabeth France, data protection
commissioner said, 'Modern technology has changed the nature of
public registers. The privacy protection the public gained from the
length, format and inaccessibility of many registers has been eroded.
We need to know what information is available about whom and how it
is being used so we can decide whether new measures are needed to
protect individuals. This report starts the ball rolling'.
The Representation of the People Bill is currently before parliament.
This provides for significant change in the way the electoral
register is compiled and used. Publication of the report is therefore
opportune. Its findings support the proposal that individuals should
be able to opt-out of having their details included on copies of the
register that are sold commercially. The full register would still
be available for law enforcement related purposes.
Ms France said: 'The Representation of the People Bill is a welcome step forward. The present position whereby individuals, on penalty of a criminal conviction, have to supply their details to the electoral
registration office who is then obliged to sell them to anyone who
wants them for whatever purpose is unsustainable. Although industry
has lobbied to retain the present system, change is long overdue. The
proposals in the Bill strike the correct balance between individuals'
privacy and commercial interests. I look forward to them becoming
EXECUTIVE SUMMARY - Public Registers
Study of the Availability and Use of Personal Information in Public
Registers: Final Report to the Office of the Data Protection
Registrar by J.E. Davies and C. Oppenheim. Loughborough University:
Department of Information Science
The Report documents a comprehensive overview of the availability and
use of personal information in public registers, which was undertaken
for the Office of the Data Protection Registrar in 1999.
The study relates to concerns regarding the possible abuse of
personal information that can readily be found in 'public registers'
or lists that are required to be made available to the public under
statute or regulation. Examples of such possible abuse range from a
recent murder case where the victim was allegedly identified as a
'target' by the murderer by means of the Electoral Register (which
shows details of people living alone) to directors of pharmaceutical
companies being targeted by animal rights activists.
The limited amount of published research that was available on public
registers was studied. The published literature covered three broad
themes. Firstly, there were guides to obtaining personal information
in which public registers were often recommended and even the
potential dangers of such lists were sometimes mentioned. Secondly,
some material on specific public registers such as the voters' list,
lists of company secretaries and directors, and shareholders'
registers drew attention, with examples, to the way in which they
could be misused and the risks that were involved. There was however
the recognition that the public interest was served by the
availability of information. Finally, some material originating from
the United States and New Zealand relating to issues of open
government and freedom of information included consideration of
public register information and how it might be used and misused. The
publication, availability and right of access to government
publications and information, without appropriate safeguards, brought
with it the risk that a profile on an individual might be
constructed, or data on individuals could be pieced together to
convey extensive insights into households. In all these examples it
should be stressed that the volume of published material containing
criticisms and real examples of misuse was relatively low.
The major part of the study entailed a detailed scrutiny of a wide
range of public registers. There are many public registers and they
vary greatly in terms of size, sensitivity and enabling legislation.
The study identified the many different kinds of public register in
existence and the Statute(s) under which they were created and
maintained. They ranged from The Annual Returns of Companies through
The Disqualified Directors Register and The Register of County Court
Judgements to The Register of Veterinary Surgeons. The scale of
public registers, the nature of the information held within them, and
the use to which they were put (often in addition to their intended
function) were established. Two types of register in particular were
given detailed attention because of their size and importance; these
were the Electoral Register, or voters' list, and the Register of
Members or shareholders lists.
First hand information was gathered through discussions with various
interested parties who either managed, or controlled registers, or
used the information in them. Information, both factual and
subjective, was gathered from a selection of controllers of registers
through telephone interviews. The basic information acquired
- how is the list compiled?
- what is in it?
- how is it made available?
- how is it distributed?
- how is it used?
- by whom is it used?
- how 'sensitive' is it?
Other information was received through unsolicited communications
from interested parties who use data from Registers whether as
individuals, or as representatives of trade associations and other
groups. In some cases, meetings were held with representatives or
individuals, and these sometimes extended to in-depth interviews.
Detailed information was received from:
- Lloyds TSB Registrars
- Direct Marketing Association UK Ltd.
- Ex Police Officers in Industry and Commerce, [E.P.I.C.]
- Consumer Credit Trade Association, [CCTA]
- Institute of Professional Investigators.
Preliminary findings suggested that the issue of public registers
gives rise to a not inconsiderable amount of controversy in some
quarters. There was evidence of some polarisation between those who
seek freedom to use openly [and legally] available personal data for
their professional business and those who see pitfalls in unfettered
application of register data for functions other than that for which
the contents of registers are primarily produced. The primary concern
came from those users of the public Registers who employ the
information to track down fraud and other illegal activities.
Considerable anxiety was expressed by these 'stakeholders' that
restrictions on access could hamper or disable such tracking.
A good deal of support was found for a scheme of licensing or
registering organisations for permission to use major public
registers. Such organisations would have to agree to abide by
certain principles and practices imposed by the regulating body as
well as, of course, abiding by the Data Protection Principles.
Some aspects regarding the open availability for consultation and
purchase of the Electoral Roll were of particular concern especially
as there is a statutory obligation for those eligible to vote to be
included in it. People living alone and those who are fugitives from
domestic violence were but two examples where it might not always be
prudent to make information entirely open. The very positive
recommendations for protecting privacy whilst maintaining
enfranchisement, from the Home Office Working Party on Electoral
Procedures, were identified as a basis for a useful approach to these
Appendices to the Report contain; a list of relevant references, text
of the Privacy Principles and other related sections of the New
Zealand Privacy Act and templates containing the questions for
interview data gathering.
The Data Protection Act works in two ways, giving individuals rights
about the way their information is used and ensuring those who use it
have corresponding obligations. It also gives the Commissioner a key
role in promoting good practice.
The 1998 Act replaces the 1984 Data Protection Act. Its scope is much
broader than that of the earlier Act. The definition of processing
shows this clearly. Almost any activity involving personal data is
covered by its provisions. It also extends to some paper records
requirements which previously applied only to information held on
While the implementation date is later than had been expected
Elizabeth France said: 'I am pleased to welcome the implementation of the 1998 Data Protection Act. Some of the statutory instruments necessary to make it work are complex and the home office was right to allow time for detailed discussion of their proposals. We look forward now to promoting wide spread understanding of the provisions.'
The Data Protection Commissioner added: 'Although the Act has been
brought into effect 18 months later than expected data controllers
must understand that there will be no corresponding slippage in the
date when transitional relief will cease. They will still have to
comply fully with the 1998 Act from October 2001 for most of their
processing. They should use this time to review the way they handle
personal data so that they are ready to meet their new obligations.'