Out-Law News | 04 Aug 2006 | 12:25 pm | 1 min. read
The judgment clashes with a recent verdict which seemed to define personal information very narrowly, according to a lawyer specialising in data protection law. Sue Cullen, of Pinsent Masons, the law firm behind OUT-LAW, said that the Rooney case depended on a fairly broad definition of personal information.
A previous case had involved an individual, Michael Durant, who sought to use the Data Protection Act to obtain copies of information held about himself by the Financial Services Authority (FSA). Cullen said that in that case the definition of what constituted personal information was much more narrowly drawn than in Rooney's case.
"When it was someone looking for information from the FSA it was a narrow definition: the court said 'no, that is not personal information'," said Cullen. "But when it is a criminal case involving misuse of personal data the court used a very wide definition of personal data, which is interesting."
Rooney worked in human resources for Staffordshire Police where she had access to personal information about employees which the force needed for police-related purposes. Rooney's sister was in a relationship with one of the police officers, Adam Syred.
When that relationship broke down and Syred moved in with another officer Rooney looked up the couple's address and told her sister that they had moved to Tunstall. The sister then telephoned Syred to say that she knew about the move.
Rooney argued that although she had checked the information on the system it was as part of her duties and that she did not pass the information on to her sister. A jury at Birmingham Crown Court convicted her and she appealed. The Criminal Appeals Court has just dismissed her appeal.
Cullen said that this judgment appeared to clash with that in the case of Durant, who lost his case in 2003. In that case he sought copies of information held on him by the FSA. The court found in the FSA's favour, supporting its case for a narrow interpretation of what constitutes personal data, and therefore a lighter information provision burden for organisations.