Thank you for your letter of 27 January asking whether publication of flood risk information on the Environment Agency's website, if accessed by keying in a postcode, would breach the Data Protection Act.

The first question to address is whether the combination of flood risk information and postcode constitute personal data. On this point we have previously been asked for advice by the Agency. We take the view that while "raw" geographic information about flooding history is not personal data it is capable of relating to a living individual and so coming within the definition. Context will therefore determine in any particular case whether the flooding information together with other information makes it personal data. From what I have been able to understand from the evidence you enclosed and from earlier correspondence with the Agency, postcode is the only other element intended to be linked with the flood risk data. If that is so it is unlikely to come within the definition of personal data, although there may be some instances where postcodes are sufficient to identify an individual.

  Even if the Environment Agency were providing information from which a living individual could be identified this would not necessarily preclude publication of the data. The Data Protection Act need not prevent processing, which includes the disclosure, of personal data if there are legitimate grounds for it.

  On the information available to me, I see no reason why the Data Protection Act should be a barrier to the sort of publication scheme envisaged. I should be happy for my staff to discuss any outstanding concerns with the Agency. I am therefore copying this reply to the Chief Executive.

Elizabeth France

Data Protection Registrar