Do the basic issues in question not throw a very clear light on this:-
Do we live in a secret society where information can be generated and held
about you without your knowledge?
Or do we live in an open society where the legislation provides rights of
access to data held about you?
Ian
----- Original Message -----
From: Lucinda Bennett <[log in to unmask]>
To: nrc4 <[log in to unmask]>
Cc: <[log in to unmask]>
Sent: Friday, March 24, 2000 3:09 PM
Subject: Re: Confidential References
> Message-ID: <[log in to unmask]>
> Disposition-Notification-To: Lucinda Bennett <[log in to unmask]>
> Priority: NORMAL
> X-Mailer: Execmail for Win32 Version 5.0.1 Build (55)
> MIME-Version: 1.0
> Content-Type: Text/Plain; charset="us-ascii"
>
>
> > Hope this helps. I'm trying to clarify the position when
> > a reference is provided on behalf of an institution to the
> > same institution!
>
> Yes, I had wondered about this aspect too.
>
> Lucinda
>
> On Fri, 24 Mar 2000 15:03:45 +0000 nrc4 <[log in to unmask]>
> wrote:
>
> > I have taken advice from the Data Protection Commissioner's Senior
> > Compliance Manager re references - he told me:-
> >
> > 'In the hands of the referee references are exempt from the subject
> > access provisions of the Act. However, when received from a third party
> > the exemption does not apply. Of course, in many cases a reference will
> > identify other data subjects, particularly if the reference has been
> > written by an individual rather than an organisation. In those
> > circumstances the data controller should first of all seek permission of
> > the third party. If permission to disclose the information of the data
> > subject is withheld, then in most cases the data controller should
> > remove that part of the reference which identifies the third party. In
> > some rare circumstances the Act envisages that it will be proper to
> > disclose the third party information even without consent. (See also
> > Section 7 of the Act.)
> >
> > Clearly in many cases an individual will be able to guess the identity
> > of the referee from the reference itself. While this may be the case, a
> > data controller is only entitled to remove that information which
> > actually identifies the referee. It will be very rare that a controller
> > will be justified in withholding the whole of a reference in response to
> > a subject access request.'
> >
> > Hope this helps. I'm trying to clarify the position when a reference is
> > provided on behalf of an institution to the same institution!
> >
> > Nadine Cleaver
> > DP Co-ordinator
> > University of York
> >
> > Lucinda Bennett wrote:
> > >
> > > Colleagues
> > >
> > > I wonder if anyone could enlighten me with regards to the
> > > thorny issue of confidential references. My understanding
> > > is that if a conf ref is given for specified purposes then
> > > the giver is not obliged to disclose it to the data subject
> > > under a subject access request, but that the data subject
> > > may be able to obtain a copy from the recipient. However,
> > > in discussions with a solicitor recently, his interpretation
> > > was different: that a confidential reference given for
> > > specified purposes will remain confidential even if the
> > > data subject approaches the recipient for a copy.
> > >
> > > I have checked out the DPO booklet and it concurs with the
> > > the former view set out above, as does a number of other
> > > documentation, as does this mailbase group. However, I
> > > have looked at the Act itself and the wording is somewhat
> > > ambiguous and, having thought about the matter in the light
> > > of the solicitor's comments, it could be argued that the
> > > latter point above may be correct. The Act itself states
> > > as follows:-
> > >
> > > 1. Personal data are exempt from section 7 if they consist
> > > of a reference given or to be given in confidence by the
> > > data controller for the purposes of-
> > >
> > > (a) the education, training or employment, or prospective
> > > education, training or employment, of the data subject,
> > >
> > > (b) the appointment, or prospective appointment, of the
> > > data subject to any office, or
> > >
> > > (c) the provision, or prospective provision, by the data
> > > subject of any service.
> > >
> > > Could it be argued that once the confidential reference was
> > > in the hands of the recipient, the reference was given in
> > > confidence and is therefore exempt from disclosure?
> > >
> > > ----------------------
> > > Lucinda Bennett
> > > Administrative Officer
> > > Registry, Room 159
> > > University of Exeter Tel: 01392 263355
> > > Northcote House Fax: 01392 263108
>
> ----------------------
> Lucinda Bennett
> Administrative Officer
> Registry, Room 159
> University of Exeter Tel: 01392 263355
> Northcote House Fax: 01392 263108
>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|