One of the categories they can claim for is Data Protection Registration, and reassuringly, 94 claims were made for this in financial year 2007-2008. I say claims, because only 93 MSPs claimed but Bill Wilson claimed twice, in February 2007 and November 2007. I’m not entirely sure how a claim for February 2007 can appear in results for a financial year that started in April 2007.
However there are 129 MSPs, which means 36 didn’t claim for this expense. When you register as a Data Controller, you have to pay £35 annually. So those 36 MSPs haven’t registered, or have incorrectly claimed the £35 expense in a different category, or have paid the fee but just not claimed for it.
So, can we find out which MSPs haven’t registered with the Information Commissioner?
Conveniently, the ICO has a search form for the Data Protection Public Register. Typing in MSP will give you almost 80 names straight away. To find the rest it’s a case of plugging in the names. Some have variations on how they’ve spelled their name, but eventually I got down to a list of eight names I couldn’t find:
|Andy Kerr||Labour Party||East Kilbride|
|Bruce Crawford||Scottish National Party||Stirling|
|Elizabeth Smith||Conservative||Mid Scotland and Fife|
|Jim Mather||Scottish National Party||Argyll and Bute|
|Joe Fitzpatrick||Scottish National Party||Dundee West|
|Margaret Curran||Labour Party||Glasgow Baillieston|
|Nicola Sturgeon||Scottish National Party||Glasgow Govan|
|Nigel Don||Scottish National Party||North East Scotland|
It might be that these MSPs have registered under a different name that I’ve not searched for, or there’s been a typo when the details have been entered into the system.
Let’s cross-check those eight names against the list of names who claimed expenses, and see which of those eight have claimed:
- Andy Kerr, January 2008
- Bruce Crawford, November 2007
- Elizabeth Smith, January 2008
- Joe Fitzpatrick, October 2007
- Margaret Curran, January 2008
- Nicola Sturgeon, June 2007
- Nigel Don, October 2007
So they all claimed except for Jim Mather. I’m going to give them the benefit of the doubt, and assume they are correctly registered with the ICO, and for some reason I’m just not having any luck finding them on the Data Protection Public Register.
MSPs, MPs, MEPs and Councillors are basically obliged to register as Data Controllers. Some information I’ve found on the ICO site confirms this:
Organisations or individuals that process personal information covered by the Act may need to notify the Commissioner about their processing. A description of the processing activities is placed on a public register of notifications. These organisations or individuals must also comply with eight data protection principles which together form a framework for the proper handling of personal information. Individuals whose personal information is processed have rights under the Act, for example, to a copy of the information that is held about them.
When elected members represent residents of their ward, they are likely to have to notify in their own right, for example, if they use personal information to timetable surgery appointments or take forward complaints made by local residents.
The Data Protection Act contains a number of criminal offences including:
When someone is required to notify and does not do so. For example, a councillor who holds computerised records of constituents’ details for casework purposes, would commit an offence if they had not notified this use of personal information.
Someone should be checking these eight MSPs to make sure they have been correctly registered with the ICO. If you are a constituent of any of these MSPs, you might want to use the excellent WriteToThem.com to ask your MSP what name they have registered with the Information Commissioner.