GUIDANCE

The Public Sector Equality Duty and Data Protection

Equality and Human Rights Commission
www.equalityhumanrights.com
Published March 2015

Foreword

It is extremely important that public authorities understand their data protection obligations when collecting and using personal data, particularly where much of this is sensitive. I was pleased to be invited to work with the Equality and Human Rights Commission on developing some further guidance about data protection compliance considerations in relation to the public sector equality duty (‘the duty’) in England. Ensuring that both these important public policy objectives can be achieved in practice is vital and I am glad to be able to contribute a foreword to this new guidance.

I warmly welcome the publication of this guidance, which will provide helpful clarification to public authorities about the data protection matters they should consider when determining how to achieve compliance with the duty. The guidance explains that authorities should have a clear rationale for the collection and use of personal data and that they should consider how they can minimise risks to privacy.

I am confident this guidance will prove to be a valuable source of advice for public authorities. Following it will help to ensure they adopt a proportionate approach to complying with the duty.

Christopher Graham
Information Commissioner

Introduction

This guidance is designed to explain the relationship between the public sector equality duty (‘the duty’) and the Data Protection Act 1998 (‘the DPA’).
It provides advice for public authorities in England that are legally required to publish equality information.[1] It will also be helpful for authorities when they collect and use data about people sharing particular protected characteristics (sometimes called ‘equality monitoring’) in order to build an evidence base to support compliance with the duty.

This document supplements the range of guidance materials on the duty published by the Equality and Human Rights Commission (‘the Commission’). You may find it helpful to read this guidance alongside the Commission’s Technical Guidance on the Public Sector Equality Duty, Essential guide to the Public Sector Equality Duty and general guidance on Equality information and the equality duty.

[1] The Equality Act 2010 (Specific Duties) Regulations 2011 require public authorities to ‘publish information to demonstrate its compliance with the duty…’.

Guidance

The public sector equality duty

The public sector equality duty consists of a general duty and specific duties. The general duty is set out in Section 149 of the Equality Act 2010. It applies to public authorities and other organisations when they are carrying out public functions.

The general duty covers the following protected characteristics: age, disability, gender reassignment, pregnancy and maternity, race, religion or belief, sex and sexual orientation. It also covers marriage and civil partnership with regard to discrimination in the workplace.
In summary, authorities subject to the general duty must, in the exercise of their functions, have due regard to the need to:

- eliminate unlawful discrimination, harassment and victimisation and other conduct prohibited by the Act
- advance equality of opportunity between people who share a protected characteristic and those who do not
- foster good relations between people who share a protected characteristic and those who do not.

These are often referred to as the three aims of the general duty.

What the general duty requires in relation to information

Although there is no explicit legal requirement under the general duty to collect and use equality information, in order to have due regard to the aims of the general duty, public authorities must understand how the impact of their policies and practices differs with respect to those with particular protected characteristics. Collecting and analysing equality information (including information from engagement with people sharing protected characteristics where relevant) can be an important way of authorities developing this understanding. However, public authorities should always use a proportionate approach to collecting personal information.

What the specific duties require in relation to information

The specific duties are steps that certain public authorities must take. They are intended to help them meet the general duty.

English public authorities that are listed[2] must publish information to demonstrate their compliance with the general duty. All listed authorities (except schools and pupil referral units) were required to do this by 31 January 2012, and at least annually thereafter. Schools and pupil referral units were required to do this by 6 April 2012, and at least annually thereafter.
This must include information relating to people who share a protected characteristic who are:

- its employees (for authorities with 150 staff or more)
- people affected by its policies and practices (for example, service users).

The information must be published in a manner that is accessible to the public. This requirement may be satisfied by publishing the information within another document, such as an annual report.

Subject to exceptions which are explained below, information which identifies individuals should not be published. This includes both direct references to individuals and also information which, when used alongside other information, may allow someone to be identified.

The Data Protection Act

The Data Protection Act 1998 (the DPA) is based on eight principles of good information handling.[3] These give people specific rights in relation to their personal information[4] and they place certain obligations on those organisations that are responsible for processing it.

[2] The list is set out in Schedule 1 to the Equality Act 2010 (Specific Duties) Regulations 2011.

[3] Schedule 1 to the Data Protection Act 1998.

[4] Personal information means data relating to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.

The eight principles of data protection

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless —
   a. at least one of the conditions in Schedule 2 is met, and
   b. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

More information about the principles of data protection and on the conditions for processing data under the DPA can be found in The Guide to Data Protection published by the Information Commissioner’s Office.

How the DPA applies to equality monitoring and equality information

The DPA does not prevent public authorities from processing personal data for the purposes of the general or specific duties. However, it is important that any processing is in line with the eight data protection principles.
Processing personal data must fulfil at least one of the conditions under Schedule 2 to the DPA – for example, the processing is necessary for the exercise of statutory functions, or the individual concerned has consented to the processing.[5] For sensitive personal data, at least one of the conditions under Schedule 3 must also be met. Examples of these conditions include: exercising statutory functions, or fulfilling requirements to monitor equality of opportunity.[6]

The DPA defines as ‘sensitive’ any personal information relating to religious beliefs, political opinions, racial or ethnic group, physical or mental health or condition and sexual orientation. Information about a person’s transgender status also falls within this definition.[7] Sensitive personal information needs to be treated with greater care than other personal data. As a result, where sensitive personal information is involved, public authorities must satisfy one of the conditions for processing which apply specifically to this type of information, as well as one of the general conditions (which apply in every case).

Summary

The DPA does not prevent public authorities from processing personal data as is required in order to carry out either obligations under the specific duty to publish equality information, or equality monitoring to help them comply with the general duty. Much of this personal data is likely to be sensitive personal data and, accordingly, public authorities are required to take extra care when processing it.
[5] In summary, the conditions under Schedule 2 of the DPA are that: the individual in question has consented to the processing; or the processing is necessary in relation to a contract with the individual; or to meet a legal obligation; or to protect the individual in a life or death situation; or for administering justice, or for exercising statutory, governmental, or other public function; or the processing meets the ‘legitimate interests’ condition. More information is available in the ICO’s Guide to Data Protection.

[6] In summary, the conditions under Schedule 3 of the DPA include: the individual in question has given explicit consent or has deliberately made the information public; the processing is necessary to comply with employment law, for legal proceedings or for establishing legal rights, administering justice, or exercising statutory or governmental functions; the processing is necessary to protect a person in a life or death situation, or for medical purposes provided it is undertaken by someone subject to a professional duty of confidentiality; or it is necessary for monitoring equality of opportunity, and is carried out with appropriate safeguards. More information is available in the ICO’s Guide to Data Protection.

[7] The Gender Recognition Act 2004 provides that where a person holds a gender recognition certificate, they must be treated according to their acquired gender.

Collecting personal information for public sector equality duty purposes

Collecting equality information gives public authorities an understanding of the impact of their policies and practices on people who share particular protected characteristics. However, public authorities must make sure that any personal information they collect is necessary to meet their obligations under the general duty.
They should also be clear how the information will be used. Overall, public authorities should take a proportionate approach: they should always consider whether the same results could be achieved with fewer risks to privacy.

In addition to equality information collected by the public body itself, other sources of information may be relevant to understanding the impact of their functions on people with particular protected characteristics. Examples of these include: national studies, sector reports, and reports published by organisations such as the Commission which offer expert advice and guidance. The Commission’s guidance on Equality information and the equality duty provides examples of additional information sources that may be useful.

Essential tips for staying within the law and adopting good practice

- Before collecting information, be clear about what you need to collect and how you will use it.
- Consider whether using other information may achieve similar objectives while avoiding or reducing risks to privacy. In particular, consider information that cannot be used to identify individuals.
- Collect and retain only the minimum amount of personal information that is required and be prepared to justify why it is needed.
- Anonymise personal information where possible and as soon as possible, only using where absolutely necessary any information that identifies an individual (the public sector equality duty is very unlikely to involve you publishing such information).
- Ensure monitoring forms give a guarantee of privacy that is easy to understand.
- Be clear to individuals about the reasons for monitoring. Explain whether they are obliged to provide personal information for monitoring. For example, any monitoring form included with a job application should make clear that the applicant does not have to provide this information.
- Make sure individuals are aware of their rights under the DPA and ensure that they know how to get a copy of any personal information that was collected about them for monitoring purposes.
- Tell individuals how your monitoring will operate. Do not use their information for other purposes if they have only provided it for monitoring.
- Review personal information regularly to check whether it is still needed for monitoring purposes.
- Put in place a policy explaining how long personal information should be kept; how it will be disposed of and procedures for secure disposal.
- Put in place a clear security policy and check it is followed and kept up to date.
- Tell individuals what measures are in place to protect their information and let them know about any significant changes that occur.
- Make sure that only staff members who need to view personal information are given access to it and that they are trained how to use it properly. For example, restrict access to staff with responsibility for monitoring equality rather than allowing access for all human resource staff.

Further information

Penalties for breaching the DPA

For serious breaches of the DPA, the Information Commissioner can impose a financial penalty up to a maximum of £500,000.

More information about data anonymity

Anonymisation is the process of converting data into a form where the identification of individuals is unlikely to take place. The Information Commissioner’s Office has published a Code of Practice on this, entitled Anonymisation; managing data protection risk. This covers the anonymisation of personal information and the disclosure of data once it has been anonymised.
The Code is illustrated by case studies and examples of anonymisation techniques.

More information about the public sector equality duty

You can find out more about the duty at the Equality and Human Rights Commission's website.

More information about equality monitoring in employment

Appendix 2 of the Commission's Statutory Code of Practice for Employment provides guidance on equality monitoring in the workplace. The guidance may also be relevant to equality monitoring of service users.

The relationship between the DPA and freedom of information

As well as responding to requests for information, you must publish information proactively. The Freedom of Information Act requires every public authority to have a publication scheme, and to publish information covered by the scheme. The Information Commissioner’s Guide to Freedom of Information explains how the Freedom of Information Act 2000 affects data protection.

Contacts

This publication and related equality and human rights resources are available from the Commission’s website: www.equalityhumanrights.com

For advice, information or guidance on equality, discrimination or human rights issues, please contact the Equality Advisory and Support Service, a free and independent service.

Website: www.equalityadvisoryservice.com
Telephone: 0808 800 0082
Textphone: 0808 800 0084
Hours: 09:00 to 20:00 (Monday to Friday), 10:00 to 14:00 (Saturday)
Post: FREEPOST Equality Advisory Support Service FPN4431

Questions and comments regarding this publication may be addressed to: correspondence@equalityhumanrights.com. The Commission welcomes your feedback.

Alternative formats

This report is available as a PDF file and as a Microsoft Word file from www.equalityhumanrights.com.
For information on accessing a Commission publication in an alternative format, please contact: correspondence@equalityhumanrights.com

ISBN: 978-1-84206-610-2
© 2015 Equality and Human Rights Commission
Published March 2015