Data Protection Act 1984 (c. 35)
1984 Chapter c.35 - continued
 
  PART IV
  EXEMPTIONS
Preliminary.  26. - (1) References in any provision of Part II or III of this Act to personal data do not include references to data which by virtue of this Part of this Act are exempt from that provision.
 
      (2) In this Part of this Act "the subject access provisions" means- 
 
 
    (a) section 21 above; and
 
    (b) any provision of Part II of this Act conferring a power on the Registrar to the extent to which it is exercisable by reference to paragraph (a) of the seventh data protection principle.
      (3) In this Part of this Act "the non-disclosure provisions" means- 
 
 
    (a) sections 5(2)(d) and 15 above; and
 
    (b) any provision of Part II of this Act conferring a power on the Registrar to the extent to which it is exercisable by reference to any data protection principle inconsistent with the disclosure in question.
      (4) Except as provided by this Part of this Act the subject access provisions shall apply notwithstanding any enactment or rule of law prohibiting or restricting the disclosure, or authorising the withholding , of information.
 
National security.  27. - (1) Personal data are exempt from the provisions of Part II of this Act and of sections 21 to 24 above if the exemption is required for the purpose of safeguarding national security.
 
      (2) Any question whether the exemption mentioned in subsection (1) above is or at any time was required for the purpose there mentioned in respect of any personal data shall be determined by a Minister of the Crown; and a certificate signed by a Minister of the Crown certifying that the exemption is or at any time was so required shall be conclusive evidence of that fact.
 
      (3) Personal data which are not exempt under subsection (1) above are exempt from the non-disclosure provisions in any case in which the disclosure of the data is for the purpose of safeguarding national security.
 
      (4) For the purposes of subsection (3) above a certificate signed by a Minister of the Crown certifying that personal data are or have been disclosed for the purpose mentioned in that subsection shall be conclusive of that fact.
 
      (5) A document purporting to be such a certificate as is mentioned in this section shall be received in evidence and deemed to be such a certificate unless the contrary is proved.
 
      (6) The powers conferred by this section on a Minister of the Crown shall not be exercisable except by a Minister who is a member of the Cabinet or by the Attorney General or the Lord Advocate.
 
Crime and taxation.  28. - (1) Personal data held for any of the following purposes- 
 
 
    (a) the prevention or detection of crime;
 
    (b) the apprehension or prosecution of offenders; or
 
    (c) the assessment or collection of any tax or duty,
  are exempt from the subject access provisions in any case in which the application of those provisions to the data would be likely to prejudice any of the matters mentioned in this subsection.
 
      (2) Personal data which- 
 
 
    (a) are held for the purpose of discharging statutory functions; and
 
    (b) consist of information obtained for such a purpose from a person who had it in his possession for any of the purposes mentioned in subsection (1) above,
  are exempt from the subject access provisions to the same extent as personal data held for any of the purposes mentioned in that subsection.
 
      (3) Personal data are exempt from the non-disclosure provisions in any case in which- 
 
 
    (a) the disclosure is for any of the purposes mentioned in subsection (1) above; and
 
    (b) the application of those provisions in relation to the disclosure would be likely to prejudice any of the matters mentioned in that subsection;
  and in proceedings against any person for contravening a provision mentioned in section 26(3)(a) above it shall be a defence to prove that he had reasonable grounds for believing that failure to make the disclosure in question would have been likely to prejudice any of those matters.
 
      (4) Personal data are exempt from the provisions of Part II of this Act conferring powers on the Registrar, to the extent to which they are exercisable by reference to the first data protection principle, in any case in which the application of those provisions to the data would be likely to prejudice any of the matters mentioned in subsection (1) above.
 
Health and social work.  29. - (1) The Secretary of State may by order exempt from the subject access provisions, or modify those provisions in relation to, personal data consisting of information as to the physical or mental health of the data subject.
 
      (2) The Secretary of State may by order exempt from the subject access provisions, or modify those provisions in relation to, personal data of such other descriptions as may be specified in the order, being information- 
 
 
    (a) held by government departments or local authorities or by voluntary organisations or other bodies designated by or under the order; and
 
    (b) appearing to him to be held for, or acquired in the course of, carrying out social work in relation to the data subject or other individuals;
  but the Secretary of State shall not under this subsection confer any exemption or make any modification except so far as he considers that the application to the data of those provisions (or of those provisions without modification) would be likely to prejudice the carrying out of social work.
 
      (3) An order under this section may make different provision in relation to data consisting of information of different descriptions.
 
Regulation of financial services etc.  30. - (1) Personal data held for the purpose of discharging statutory functions to which this section applies are exempt from the subject access provisions in any case in which the application of those provisions to the data would be likely to prejudice the proper discharge of those functions.
 
      (2) This section applies to any functions designated for the purposes of this section by an order made by the Secretary of State, being functions conferred by or under any enactment appearing to him to be designed for protecting members of the public against financial loss due to dishonesty, incompetence or malpractice by persons concerned in the provision of banking, insurance, investment or other financial services or in the management of companies or to the conduct of discharged or un-discharged bankrupts.
 
Judicial appointments and legal professional privilege.  31. - (1) Personal data held by a government department are exempt from the subject access provisions if the data consist of information which has been received from a third party and is held as information relevant to the making of judicial appointments.
 
      (2) Personal data are exempt from the subject access provisions if the data consist of information in respect of which a claim to legal professional privilege (or, in Scotland, to confidentiality as between client and professional legal adviser) could be maintained in legal proceedings.
 
Payrolls and accounts.  32. - (1) Subject to subsection (2) below, personal data held by a data user only for one or more of the following purposes- 
 
 
    (a) calculating amounts payable by way of remuneration or pensions in respect of service in any employment or office or making payments of, or of sums deducted from, such remuneration or pensions; or
 
    (b) keeping accounts relating to any business or other activity carried on by the data user or keeping records of purchases, sales or other transactions for the purpose of ensuring that the requisite payments are made by or to him in respect of those transactions or for the purpose of making financial or management forecasts to assist him in the conduct of any such business or activity,
  are exempt from the provisions of Part II of this Act and of sections 21 to 24 above.
 
      (2) It shall be a condition of the exemption of any data under this section that the data are not used for any purpose other than the purpose or purposes for which they are held and are not disclosed except as permitted by subsections (3) and (4) below; but the exemption shall not be lost by any use or disclosure in breach of that condition if the data user shows that he had taken such care to prevent it as in all the circumstances was reasonably required.
 
      (3) Data held only for one or more of the purposes mentioned in subsection (1) (a) above may be disclosed- 
 
 
    (a) to any person, other than the data user, by whom the remuneration or pensions in question are payable;
 
    (b) for the purpose of obtaining actuarial advice;
 
    (c) for the purpose of giving information as to the persons in any employment or office for use in medical research into the health of, or injuries suffered by, persons engaged in particular occupations or working in particular places or areas;
 
    (d) if the data subject (or a person acting on his behalf) has requested or consented to the disclosure of the data either generally or in the circumstances in which the disclosure in question is made; or
 
    (e) if the person making the disclosure has reasonable grounds for believing that the disclosure falls within paragraph (d) above.
      (4) Data held for any of the purposes mentioned in subsection (1) above may be disclosed- 
 
 
    (a) for the purpose of audit or where the disclosure is for the purpose only of giving information about the data user's financial affairs; or
 
    (b) in any case in which disclosure would be permitted by any other provision of this Part of this Act if subsection (2) above were included among the non-disclosure provisions.
      (5) In this section "remuneration" includes remuneration in kind and "pensions" includes gratuities or similar benefits.
 
Domestic or other limited purposes.  33. - (1) Personal data held by an individual and concerned only with the management of his personal, family or household affairs or held by him only for recreational purposes are exempt from the provisions of Part II of this Act and of sections 21 to 24 above.
 
      (2) Subject to subsections (3) and (4) below- 
 
 
    (a) personal data held by an unincorporated members' club and relating only to the members of the club; and
 
    (b) personal data held by a data user only for the purpose of distributing, or recording the distribution of, articles or information to the data subjects and consisting only of their names, addresses or other particulars necessary for effecting the distribution,
  are exempt from the provisions of Part II of this Act and of sections 21 to 24 above.
 
      (3) Neither paragraph (a) nor paragraph (b) of subsection (2) above applies to personal data relating to any data subject unless he has been asked by the club or data user whether he objects to the data relating to him being held as mentioned in that paragraph and has not objected.
 
      (4) It shall be a condition of the exemption of any data under paragraph (b) of subsection (2) above that the data are not used for any purpose other than that for which they are held and of the exemption of any data under either paragraph of that subsection that the data are not disclosed except as permitted by subsection (5) below; but the first exemption shall not be lost by any use, and neither exemption shall be lost by any disclosure, in breach of that condition if the data user shows that he had taken such care to prevent it as in all the circumstances was reasonably required.
 
      (5) Data to which subsection (4) above applies may be disclosed- 
 
 
    (a) if the data subject (or a person acting on his behalf) has requested or consented to the disclosure of the data either generally or in the circumstances in which the disclosure in question is made;
 
    (b) if the person making the disclosure has reasonable grounds for believing that the disclosure falls within paragraph (a) above; or
 
    (c) in any case in which disclosure would be permitted by any other provision of this Part of this Act if subsection (4) above were included among the non-disclosure provisions.
      (6) Personal data held only for- 
 
 
    (a) preparing statistics; or
 
    (b) carrying out research,
  are exempt from the subject access provisions; but it shall be a condition of that exemption that the data are not used or disclosed for any other purpose and that the resulting statistics or the results of the research are not made available in a form which identifies the data subjects or any of them.
 
Other exemptions.  34. - (1) Personal data held by any person are exempt from the provisions of Part II of this Act and of sections 21 to 24 above if the data consist of information which that person is required by or under any enactment to make available to the public, whether by publishing it, making it available for inspection or otherwise and whether gratuitously or on payment of a fee.
 
      (2) The Secretary of State may by order exempt from the subject access provisions personal data consisting of information the disclosure of which is prohibited or restricted by or under any enactment if he considers that the prohibition or restriction ought to prevail over those provisions in the interests of the data subject or of any other individual.
 
      (3) Where all the personal data relating to a data subject held by a data user (or all such data in respect of which a data user has a separate entry in the register) consist of information in respect of which the data subject is entitled to make a request to the data user under section 158 of the Consumer Credit Act 1974 (files of credit reference agencies)- 
 
 
    (a) the data are exempt from the subject access provisions; and
 
    (b) any request in respect of the data under section 21 above shall be treated for all purposes as if it were a request under the said section 158.
      (4) Personal data are exempt from the subject access provisions if the data are kept only for the purpose of replacing other data in the event of the latter being lost, destroyed or impaired.
 
      (5) Personal data are exempt from the non-disclosure provisions in any case in which the disclosure is- 
 
 
    (a) required by or under any enactment, by any rule of law or by the order of a court; or
 
    (b) made for the purpose of obtaining legal advice or for the purposes of, or in the course of, legal proceedings in which the person making the disclosure is a party or a witness.
      (6) Personal data are exempt from the non-disclosure provisions in any case in which- 
 
 
    (a) the disclosure is to the data subject or a person acting on his behalf; or
 
    (b) the data subject or any such person has requested or consented to the particular disclosure in question; or
 
    (c) the disclosure is by a data user or a person carrying on a computer bureau to his servant or agent for the purpose of enabling the servant or agent to perform his functions as such; or
 
    (d) the person making the disclosure has reasonable grounds for believing that the disclosure falls within any of the foregoing paragraphs of this subsection.
      (7) Section 4 (3)(d) above does not apply to any disclosure falling within paragraph (a), (b) or (c) of subsection (6) above; and that subsection shall apply to the restriction on disclosure in section 33 (6) above as it applies to the non-disclosure provisions.
 
      (8) Personal data are exempt from the non-disclosure provisions in any case in which the disclosure is urgently required for preventing injury or other damage to the health of any person or persons; and in proceedings against any person for contravening a provision mentioned in section 26(3)(a) above it shall be a defence to prove that he had reasonable grounds for believing that the disclosure in question was urgently required for that purpose.
 
      (9) A person need not comply with a notice, request or order under the subject access provisions if compliance would expose him to proceedings for any offence other than an offence under this Act; and information disclosed by any person in compliance with such a notice, request or order shall not be admissible against him in proceedings for an offence under this Act.
 
Examination marks.  35. - (1) Section 21 above shall have effect subject to the provisions of this section in the case of personal data consisting of marks or other information held by a data user- 
 
 
    (a) for the purpose of determining the results of an academic, professional or other examination or of enabling the results of any such examination to be determined; or
 
    (b) in consequence of the determination of any such results.
      (2) Where the period mentioned in subsection (6) of section 21 begins before the results of the examination are announced that period shall be extended until- 
 
 
    (a) the end of five months from the beginning of that period; or
 
    (b) the end of forty days after the date of the announcement,
  whichever is the earlier.
 
      (3) Where by virtue of subsection (2) above a request is complied with more than forty days after the beginning of the period mentioned in subsection (6) of section 21, the information to be supplied pursuant to the request shall be supplied both by reference to the data in question at the time when the request is received and (if different) by reference to the data as from time to time held in the period beginning when the request is received and ending when it is complied with.
 
      (4) For the purposes of this section the results of an examination shall be treated as announced when they are first published or (if not published) when they are first made available or communicated to the candidate in question.
 
      (5) In this section "examination" includes any process for determining the knowledge, intelligence, skill or ability of a candidate by reference to his performance in any test, work or other activity.
 
 
 
previous section contents continue other acts Her Majesty's Stationery Office home page
 
We welcome your comments on this site
 © Crown copyright 1984
Prepared 6 March 1997