My advice on this matter would be to remember that the DPA98 should not be
taken out of context, nor taken in isolation.
Even though the internal references MAY be exempt from subject access
(clarification from the ODPC would be nice) you may find that employment law,
common law duty of confidence and libel law have to be considered.
I suppose reasonable questions to ask are:
"Why do we want to withhold the reference from the data subject?"
"Do we really want to make use of an exemption just because it is available?"
and
"If we do refuse access, might not the individual suspect we are hiding
something?"
The answers to these and other DPA questions can often be answered by putting
yourself in the position of the data subject and asking:
"If this was happening to me, what would I think / do about it?"
Ian Buckland
MD
Keep IT Legal Ltd
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|