Freedom of information and data protection

Guide to information available through our publication scheme

The Freedom of Information (Scotland) Act 2002 (the Act) requires Scottish public authorities to produce and maintain a publication scheme. Authorities are under a legal obligation to:

  • publish the classes of information that they make routinely available
  • tell the public how to access the information and what it might cost.

The Scottish Law Commission has adopted the Model Publication Scheme 2011 produced by the Scottish Information Commissioner. He has approved this scheme until 31 May 2019.

The purpose of this Guide to Information is to:

  • allow the public to see what information is available (and what is not available) in relation to each class,
  • state what charges may be applied
  • explain how to find the information easily
  • provide contact details for enquiries and to get help with accessing the information
  • explain how to request information we hold that has not been published

Availability and formats

The information we publish through the model scheme is, wherever possible, available on our website. We offer alternative arrangements for people who do not want to, or cannot, access the information online or by inspection at our premises. For example, we can usually arrange to send information to you in paper copy (although there may be a charge for this).

Exempt information

We will publish the information we hold that falls within the classes of information below. If a document contains information that is exempt under Scotland’s freedom of information laws (for example sensitive personal information or a trade secret), we will remove or redact the information before publication and explain why.

Copyright

Where the Commission holds the copyright in its published information, the information may be copied or reproduced without formal permission, provided that:

  • it is copied or reproduced accurately
  • it is not used in a misleading context, and
  • the source of the material is identified

The material we publish is usually subject to Crown copyright.  You may re-use this information (excluding logos) free of charge in any format or medium, under the terms of the Open Government Licence. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open-government-licence/ or email: psi@nationalarchives.gsi.gov.uk.

Where the Commission does not hold the copyright in information we publish, we will make this clear.  Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

Charges for the information

Website – there is no charge for the information that is available on our website.

Email – there is no charge for information that is provided electronically.  your request for information.  Include the words "publication scheme" in the subject heading.

Post – If you ask for information that is available on our website to be provided in paper format, it may be necessary to make a charge.  Each case is considered separately.  For example, there may be a charge of 10 pence per page if a large amount of photocopying is required, or if the cost of postage is high.  We would tell you how much it would cost to provide paper copies of the information you have requested.

Contact us

You can contact us for assistance with any aspect of this publication scheme:

Freedom of Information

Scottish Law Commission

140 Causewayside

Edinburgh EH9 1PR

Tel 0131 668 2131

email:

We will also advise you how to ask for information that we do not publish or how to complain if you are dissatisfied with any aspect of this publication scheme.

Classes of information that we publish

We publish information that we hold within the following classes.  Once information is published under a class, we will continue to make it available for the current and previous two financial years. Where information has been updated or superseded, only the current version will be available.  If you would like to see previous versions, you may make a request to us for that information.

  • about the Commission
  • how we deliver our functions and services
  • how we take decisions and what we have decided
  • what we spend and how we spend it
  • how we manage our human, physical and information resources
  • how we procure goods and services from external providers
  • how we are performing
  • our commercial publications

Data protection

Data Protection Act 1998

The Data Protection Act 1998 provides for the regulation of the processing of information relating to individuals including the obtaining, holding, use or disclosure of such information.  It concerns the security of personal information and the rights of individuals to access information held about them.

Under the 1998 Act an authority must only collect personal information which is needed to carry out its functions, must keep it secure and ensure that it continues to be relevant and up to date.  An authority must only hold as much personal information as it needs for business purposes and must not retain it any longer than is necessary for those purposes.  A person who is the subject of any information must be given access to it on request.

The Scottish Law Commission needs to collect, process and hold certain personal information in connection with carrying out its functions.  The Commission has a policy on handling personal data in line with the 1998 Act.  See our Data Protection Policy Statement.

Data protection principles

The Data Protection Act 1998 sets out 8 principles relating to personal data.  The principles are that-

(1)        personal data must be processed fairly and must not be processed unless certain conditions are met;

(2)        personal data must be obtained for specified and lawful purposes and must not be further processed in a manner which is incompatible with those purposes;

(3)        personal data must be adequate, relevant and not excessive in relation to the purposes for which they are processed;

(4)        personal data must be accurate and where necessary, kept up to date;

(5)        personal data must not be kept for longer than is necessary;

(6)        personal data must be processed in accordance with the rights of data subjects under the 1998 Act;

(7)        appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;

(8)        personal data must not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Meaning of “personal data” and “sensitive data”

Section 1(1) of the 1998 Act defines “personal data” as “data which relate to a living individual who can be identified-

(a)        from those data, or

(b)        from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

Certain personal data relating to an individual (“the data subject”) is subject to stricter regulation under the 1998 Act.  Section 2 of the 1998 Act defines the meaning of “sensitive personal data” as personal data consisting of information as to:

(a)        the racial or ethnic origin of the data subject;

(b)        his personal opinions;

(c)        his religious beliefs or other beliefs of a similar nature;

(d)        whether he is a member of a trade union;

(e)        his physical or mental health or condition;

(f)         his sexual life;

(g)        the commission or alleged commission by him of any offence;

(h)        any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.”

Registration with the Information Commissioner

The Commission is registered under the 1998 Act with the Information Commissioner, who is responsible for the protection of personal information across the UK.  The Information Commissioner maintains a Register of Data Controllers (https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/)

A copy of the Commission’s registration is available on the Information Commissioner's website at https://ico.org.uk/ESDWebPages/Search?EC=1.  Please enter the Commission’s name and address in the search box.

Making a subject access request

The Data Protection Act 1998 gives individuals who are the subject of personal data a right of access to personal data about them held by organisations.

You can request information that the Commission holds about you by making a Subject Access Request.  Your request must be in writing and should be sent to us

  • by e-mail to:

info@scotlawcom.gsi.gov.uk 

  • or by post to:

Chief Executive

Scottish Law Commission

140 Causewayside

Edinburgh

EH9 1PR.

 As required by the 1998 Act, we will respond to your request within 40 calendar days of receiving it.