Local authorities should tread carefully when putting information about planning applications online to avoid falling foul of data protection laws, new guidance warns.
Councils who publish details such as a planning applicant's telephone number on their website could be in breach of the Data Protection Act. As part of the local eGovernment agenda, councils are being asked to make information from their planning and building control registers and databases available on their websites. By December 2005, members of the public are expected to be able to submit and track the progress of applications online.
However this will also lead to some personal information about individuals being published on the internet, carrying serious data protection implications.
Similarly, if a council decides to withhold certain information relating to an application, it could be open to charges of maladministration.
PARSOL, the Planning and Regulatory Service On-Line National Project, has issued guidance to help councils navigate the legal minefield of e-enabling their planning services.
The 24-page document was produced with the Information Commissioner's Office and the Director of E-Planning at the Office of the Deputy Prime Minister.
Among the points made is that "councils need to take care to avoid any unnecessary disclosure of applicants' telephone numbers and email addresses, which are not part of the planning register." This may require authorities to mask details on their online applications databases or even edit electronically-submitted documents to remove any sensitive information.
According to the guidance, councils should make planning applicants and agents aware that their information will go on the internet. This applies again to anyone who submits comments on planning applications.
Under data protection principles, councils also need to have procedures in place to help ensure that personal data published on the web cannot be maliciously altered, for example by hackers.
The document states while "in respect of the processing of personal data... following this guidance may not guarantee compliance with the Data Protection Act", the fact that it has been followed will be taken into account by the Information Commissioner.
Quelle: eGov monitor, 12.05.2005
