Without wishing to add more mud to the waters already stirred, there may be
a simple solution to the question of disclosure of references. That is to
say, when they have served their purpose - the data subject has got the job
or not etc. - they should surely be destroyed - otherwise the data
controller may be in danger of contravening the Act by keeping data longer
than necessary. Then the question of disclosure (obviously!) doesn't arise.
It may suffice for evidence to keep a record of eg (un)satisfactory
reference received from x. I know from experience of examples where
references are held on file indefinitely - not at all justifiably in most
cases...
--
Tim Wright
Information Security Manager
Fuji Bank, London
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|