> From: "Roger Cook" <[log in to unmask]>
> Sent: Friday, October 13, 2000 2:23 PM
> Subject: Re[2]: YOT query
>
> >  I'm not sure whether it's me or the rest of the correspondents on this
> >  subject who are missing the point.
> >  Consider what is meant by "disclosure".  In the example quoted, the
> >  assumption seems to be that the disclosure will be the whole of the
case
> >  history including the court appearance and sentence (assuming guilt).
If
> >  such an example arose, the appropriate response would be to consider
what
> >  might be the minimal amount of data that could reasonably be disclosed.
> >  Note the use of the legal term "reasonable".
> >  Perhaps I an can draw an analogy here.  We keep a computer data base
> about
> >  individuals who might pose a threat to a Council employee or Member.
> That
> >  threat might arise from any number of causes.  The data is kept by the
> H&S
> >  Officer and is highly confidential.  The procedure is that if a member
of
> >  staff is at all concerned about making a home visit, they call the H&S
> >  Officer and quote an address.  His response to the query is limited to
a
> >  simple statement of the risk element, e.g. "advise single females not
to
> >  visit".  The reason why this risk assessment has been made is not
> >  disclosed.  The householder might simply be a misogynist or he could be
a
> >  multiple rapist. The point is that the risk has been assessed and a
> >  measures and appropriate response given.  This is "reasonable" in the
> >  context of the whole transaction.
> >  To come back to the school example, they could be told by the YOTS team
> >  that handling money might be problematic without telling the school
that
> >  their pupil has be done for a bank hold-up!  Similarly, YOTS could
advise
> >  against working in a APH if the pupil had been mugging old ladies.  In
> >  neither case does the school know anything more than is strictly
> necessary
> >  and the pupil's rights have not been infringed.  Not only that but the
> >  YOTS team has carried out its responsibilities to the pupil and to the
> >  community at large.

----- Original Message -----
From: "Ian Welton" <[log in to unmask]>
Sent: Saturday, October 14, 2000 1:55 PM
Subject: Re: Re[2]: YOT query

> Data which is adequate relevant and not excessive for the purpose it is
> provided, with a use known by the data subject, clearly supporting both
> sides of the public v private divide.  Sounds a good data protection fix.
> Timing and accuracy will also be important in such disclosures.
> Consider :
> Young female receiving malicious, sexually explicit and upsetting phone
> calls at home from what sounds like young child.  Calls continue over a
> period of time.  Caller deals in same manner with mother of the house
being
> called.
> Premises phone calls originate from traced.  Proof of individual who
> originated not yet available.  Some information known but disclosure not
yet
> possible to the victim or the victims school.  Victim demanding
information,
> school wanting information.
> Premises phone calls originate from could be home address of offender,
> address of friend of offender, or some other premises the offender has
> access to.
> Only such disclosure as is necessary in order not to significantly
prejudice
> the apprehension and prosecution of the offender, or prevention and
> detection of crime may take place.  That information  will not be all of
the
> file but only that which is necessary to disclose in order not to
> significantly prejudice...
> Timing and accuracy, as well as adequacy, relevance and excessivness are
> dealt with in this situation.
> As Roger intimates above is it not necessary to remove the emotional
values
> from all those involved in the situation as a means of reaching a robustly
> defendable and DP compliant answer?

=

The discussions above, together with KITLegals contribution 14/10/00 08:11
a.m. have firmed out a thought on this. (Apologies for using your e-mail
address in the same way as a name Ian, but to use Ian would just confuse
matters - Ian)

Are we not all actually discussing the wrong issue.
Is the real issue not Principles 3 and 4 but more a matter of Principles 1
and 2.

In the example Roger gives data is collected by a council in an attempt to
assure the Health and Safety (H&S) of its employees.
In the example given by myself data is collected by a police officer during
the investigation of an alleged crime.
The points that KITLegal makes relate to adequacy for purpose.

When attempts to exchange data between different purposes occurs, will
misinterpretations of what that data indicates not always exist?
At a simple level is that not what happens when facts in one area turn up as
misleading gossip in another.

The DPA's have both attempted to deal with this matter by relating the
collection and use of data to a purpose.  The DPA 1998 may even eventually
extend this by the wording of Principle 6 and the impact of the HRA.

Taking it as given that all organisations maintain their warnings on
addresses and individuals to the level that the credit reference industry
do, and that their data are fully fit for the purpose the data is collected
for, is it not possible that some of the conflicts and tensions created when
requests for data exchange or disclosure arise, is as a result of the
different interpretations and differing needs at the point of collection?

Is the individual who has assaulted a police officer in the process of
resisting arrest likely to assault a welfare worker who is attempting to
arrange benefits or other welcome help?
Is a person at an address from which a malicious phone call was made the
person who made that call?
Is the adequacy of information held by the a none legal organisation always
sound enough to support a criminal prosecution?

All organisations can potentially, in many circumstances, disclose
information quite lawfully under the DPA to other organisations and persons
using the data for the same purpose, but we can probably all identify times
when it would be wrong to the data subject to do so.

When to disclose appears to be the important element, that time may well
only be "when, or if the data is fit, for the purpose, and the context, it
is requested."

Hope that is clear.

Have I gone of at a tangent?
Does it explain some of the difficulties we all experience, or is it just
more mud?


Ian






%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%