In a message dated 07/08/2000 10:31:51 GMT Daylight Time,
[log in to unmask] writes:
<< Council, the Trustees of the College, meets 5 times a year. Members of
Council represent the Faculties of the College. A member of the
College/Faculty has requested (more of a demand really) the attendance
record of the Council member representing the requesting member's Faculty be
disclosed to him.
We have declined on the grounds of DP provisions on disclosure - consent
etc.
Attendance records of Council Members (5 out of 5; 4 out of 5; say) are
reported to the Trustees of the College via the Annual Report. We believe
this to be the extent of the College requirement to disclose attendance
records.
I would be grateful for any comments/thoughts on this. >>
As one or two have pointed out, you may not need consent, particularly if it
has been made clear that attendance (or not) at the meetings will be reported
to members of the faculty.
The problem with this query is that there is obviously something behind the
request and the fact that the information is not readily available suggests
that it is not common practice (at this college) to disclose.
It could be argued, therefore, that a breach of the First Principle may occur
in that a process (disclosure) was not made known to the data subject at the
time of data collection. If, however, the disclosure is one of the terms of
membership of the council, he/she can have no objection to the disclosure or
cause for complaint to the ODPC.
The argument that it is "a legitimate interest" could be expanded to say that
an employer could disclose someone's attendance at work details - not just
statistically like "25% of all our employees have more than two days off
every year" but specifically like "Arthur Dent was absent last week for three
days". Worse still: "Tricia MacMillan will be off work for the next two
weeks, she's on holiday in Malta".
If there is a requirement to make such details public then there can be no DP
argument.
Maurice Frankel writes on the subject:<<The Data Protection Commissioner's
recent annual report talks about bodies which "grasp the Act and wave it as
though it were some hybrid garlic which might ward off information hungry
vampires. Nowhere does the Act place blanket bars on the disclosure of
information." >>
Correct, but it also says in the report that knowledge of the Act is sadly
lacking and that many people think: "It doesn't apply to me." Maybe in this
case, just because someone thinks they should have access to the data it has
made the organisation think about it before it gives in to bully-boy tactics.
Maybe its no bad thing. Remember when a local authority disclosed the
specific salary details of some of its staff to a person who demanded it
under the "Access to Information" rules governing councils' financial
records? Remember the local authority who gave a councillor the names and
addresses of all its free bus pass recipients and he used it to junk-mail
them with a political message to "vote labour"? Etc., etc., etc.
If the purpose for the disclosure is incompatible with the primary purpose,
it can also be in breach of the Second Principle.
I'm not saying don't disclose, I'm saying be sure of your grounds for doing
so.
Ian Buckland
MD
Keep IT Legal Ltd
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|