Freedom of Information and Data Protection issues

Freedom of Information and Data Protection issues

Everyone who deals with personal information in a Member’s office has responsibility for the personal data that they handle for the Member, and must comply with the rules of the Data Protection Act 1998 (DPA).  The majority of this personal information will relate to constituency casework, but it includes information about any identifiable individuals, such as staff and volunteers.  Parliamentary privilege does not exempt Members of Parliament from complying with the DPA with respect to constituency casework, and the requirements of the Act must be observed.

The DPA lays down eight key principles for the handling of personal information, and outlines certain conditions that must be met before personal data can be processed. These conditions are even stricter if sensitive personal data (e.g. health information) is to be processed. However, the DPA is not there to add unnecessary bureaucracy or to prevent you from doing the right thing. It is a legal framework which can benefit you and constituents and facilitate effective and well-organised casework.

Useful guidance on data protection can be found in the booklet entitled Advice for Members and their staff Data Protection Act 1998: Personal information about constituents and others’ which can be found here:  This booklet contains good office practice suggestions to assist in complying with the Data Protection Act and explains, in detail, the three key obligations:

  • Registering with the Information Commissioner’s Office
  • Abiding by the data protection principles
  • Allowing people to exercise their rights.

NB: the first obligation which must be complied with is registering with the Information Commissioner’s Office.  This should be done as soon as possible.  See the guidance booklet above for a guide on how to do this.

Be careful how you use constituents’ email addresses for political campaigning. According to advice from the Information Commissioner, you need to gain their consent before contacting them with routine newsletters and offer them an opportunity to object. See the guidance link below:

Requests for access to information

If your Member receives a request from an individual for access to personal information about themselves, then you must consider the request under the DPA.  Guidance on this is available in the booklet referred to above.

If the request is for any other information, you are not obliged to provide it.

The Freedom of Information Act 2000 (FOIA) only applies to public authorities, and Members of Parliament are not public authorities for the purposes of FOIA. The Member can choose to provide information voluntarily if it is felt that it is reasonable and appropriate to do so. You may also refer the requester to a public authority that does hold the information.

The House of Commons and the Independent Parliamentary Standards Authority (IPSA) are both public authorities for the purposes of the FOIA. This applies to information that they hold in their own right about Members. However, it does not apply to information held by Members regarding their Parliamentary and constituency capacities which is stored physically or electronically at the House of Commons.

Further guidance on the rights of access under FOIA and DPA can be found in section 3 of the booklet referred to above.

For general information and guidance on Freedom of Information, Data Protection and Information Security, see:

For further Data Protection guidance for Members, see:

You might also find useful our guide ‘Protocol clarified on representing constituents‘.

This guide is provided by Working for an MP (w4mp). Most of the material in Guides is subject to Crown copyright protection. Unless otherwise indicated material may be reproduced free of charge in any format or media without specific permission. This is subject to the material being reproduced accurately and not being used in a derogatory manner or in a misleading context. For more details see our Copyright page

A Working for an MP Guide
Data Protection
First Published 7 May 2010 w4mp
Last Updated 20 March 2014 w4mp
Last Reviewed 1 January 2014 w4mp
Unamended version copied from old Guide