Is Dennis' comment related to my reply - if so I apologize if the rather
shorthand reply I gave has been misinterpreted. What I meant was you can't
simply assume you can say no. You have to look at whether as per 7(4)(b) it
is reasonable to disclose without consent - hence my reference to the
ODPC's paper.
I think referees and receivers of references should work on the assumption
that it may well be reasonable to disclose them to the data subject.
There is already case law on the liability of the referee for the accuracy
of references involving, if my memory serves me, an insurance company.
Alasdair Warwood
----------
> From: Dennis Barrington-Light <[log in to unmask]>
> To: [log in to unmask]
> Subject: Re: References
> Date: 27 April 2000 17:03
>
>
>
> I am amazed by this interpretation. The Act says 'Where a data
controller
> cannot comply with the request without disclosing information relating to
> another individual >who can be identified from that information< he is
not
> obliged to comply with that request....' For example, if the reference
says X
> worked for me from x to x and performed these duties, etc, etc then that
> surely is information from which the individual can be identified.
Therefore
> that data cannot be disclosed unless one of the other conditions
specified in
> the Act is met. Nowhere does it say only the data identifying the third
party
> should not be disclosed - or have I been missing something important
about
> third party disclosures all this time?
>
> Dennis Barrington-Light
> Head of Student Records and Statistics
> University of Cambridge, 10 Peas Hill, Cambridge CB2 3PN
> Tel: 01223-332303 (Direct line) Fax: 01223-331200
> Email: [log in to unmask] or [log in to unmask]
>
>
>
>
>
> nrc4 <[log in to unmask]> on 27/04/2000 15:52:38
>
> Please respond to nrc4 <[log in to unmask]>
>
> To: "Broom, Doreen" <[log in to unmask]>
> cc: "[log in to unmask]" <[log in to unmask]>
> (bcc: Dennis Barrington-Light/REG/Central-Admin)
>
> Subject: Re: References
>
>
>
>
> References given to a third party or given by a third party are an
> entirely different kettle of fish! In the hands of the referee such
> references are exempt from the subject access provisions of the Act.
> However, when received from a third party the exemption does not apply.
> I had some interesting advice from the DPCO on maintaining
> confidentiality for referees they said:- 'While in many cases an
> individual will be able to guess the identity of the referee from the
> reference itself, a data controller is only entitled to remove that
> information which actually identifies the referee. It will be very rare
> that a controller will be justified in withholding the whole of a
> reference in response to a subject access request'.
>
> Nadine
>
> "Broom, Doreen" wrote:
> >
> > Thanks for this.
> > Can I just enquire though - if a reference is given say by a Head of
Dept.
> > to an external organisation - my understanding is that the employee can
go
> > to that organisation and ask to see a copy of that reference although I
> > believe it is up to the individual organisation to say whether or not
they
> > wish to disclose e.g. they can say it is third party information and
> > therefore can refuse unless they have consent. Am I correct in my
> > understanding?
> > Doreen
> >
> > > -----Original Message-----
> > > From: nrc4 [SMTP:[log in to unmask]]
> > > Sent: 27 April 2000 14:44
> > > To: [log in to unmask]
> > > Subject: References
> > >
> > > I have recently had a response from the DPCO clarifying the position
re
> > > confidential references, where the data controller (in this case a
> > > university) is not only the giver but also the receiver of the
> > > reference. They advise that personal references are exempt from
subject
> > > access while they remain in the hands of the data controller. They
> > > confirm that all information contained in confidential references
given
> > > by the University or by its staff acting on behalf of the University
are
> > > exempt from subject access.
> > >
> > > Heads of Department will gain some comfort from this!
> > >
> > > Nadine
> > > --
> > > **********************
> > > Nadine Cleaver GCGI
> > > PA to Vice-Chancellor
> > > University of York
> > > Tel (01904) 432001 (General Enquiries)
> > > Tel (01904) 434461 (Development Office/Data Protection Co-ordination)
> > > Fax (01904) 432003
> > > ***********************
> > ________________________________________________________________
> >
> > This e-mail is privileged, confidential and subject to copyright.
> > Any unauthorised use or disclosure of its contents is prohibited.
> > The views expressed in this communication may not necessarily
> > be the views held by the Scottish Borders Council.
> > _________________________________________________________________
>
> --
> **********************
> Nadine Cleaver GCGI
> PA to Vice-Chancellor
> University of York
> Tel (01904) 432001 (General Enquiries)
> Tel (01904) 434461 (Development Office/Data Protection Co-ordination)
> Fax (01904) 432003
> ***********************
>
>
>
>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|