I agree utilising section 35(2) within subject access is using it out of
context, however it does illustrate the point.
If you receive a subject access from a solicitor, acting of behalf of a
client, and the solicitor is advising the subject access response will be
used to inform civil proceedings, which the data controller is not involved
in, do not the reasonableness considerations necessary at section 7(4b)
necessitate some consideration of that fact. i.e. that the information will
become available in its complete form to the solicitor as part of the legal
proceedings. What viable arguments are then available supporting a
depersonalisation?
Yes, the self incrimination exemption does apply for information which might
incriminate the data controller.
Ian W.
----- Original Message -----
From: "Dave Wyatt" <[log in to unmask]>
To: "Ian Welton" <[log in to unmask]>
Cc: "Mailbase" <[log in to unmask]>
Sent: Friday, June 01, 2001 2:29 AM
Subject: RE: Subject Access - 7(4b) and Section 35(2)
> Ian
>
> I still feel that a data controller is on weaker ground arguing witholding
> CCTV images simply because the data subject may be suggesting they are to
> use in subsequent legal proceedings. Again context is everything and
without
> knowing the basis of the legal proceedings intended and whether others on
> the tape can be implicated it difficult to see why the controller has any
> obligation to consider the matter. The Act clearly allows the controller
to
> make the choice on whether to supply or not.
>
> If the other individuals in the video wished to have a 'pop' at the data
> controller releasing their image. They would have to prove their image was
> personal data in the hands of that data controller. Can they do that I
> wonder? Depends on the whether the CCTV is monitoring the data controllers
> own staff or the public at large. Example being a football club with crowd
> pictures. Club unlikely to identify all data subjects in a video but might
> manage to identify a club steward and some known banned members of public.
> Police more likely to identify a larger subset of individuals in the video
> from their access to records in their possession which hold details of
> potential offenders, but this would be unlikely to identify the steward.
>
> When you get to data used in court, others areas of research such as Legal
> professional privilege Schedule 7 Section 10 may play a part although
> relationship of parties would have a bearing on its application.
>
> I also wonder whether self incrimination exemption in Schedule 7 Section
> 11(2) gives you comfort.
>
> Section 35(2) and its non-disclosure associations in my mind relates to
> exemptions as defined in 27(4). 6th principle concerning right of access
is
> not one. So I would believe this sections application is out of context on
> the issue as discussed.
>
> Regards
>
> David Wyatt
>
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]]On Behalf Of Ian Welton
> > Sent: 31 May 2001 19:37
> > To: [log in to unmask]
> > Subject: Re: Subject Access - 7(4b) and Section 35(2)
> >
> >
> > Dave,
> >
> > Many thanks. That is the way I have been working so far.
> >
> > However, the issue arises that where the purpose of the subject access
> > request is to elicit a response which will be directly used in legal
> > proceedings, would it be reasonable in all the circumstances to
> > disclose the
> > data unedited? The reasoning behind that being that a clean
> > version of that
> > data would become available as part of those proceedings.
> >
> > Ian W
> >
> > ----- Original Message -----
> > From: "Dave Wyatt" <[log in to unmask]>
> > To: "Ian Welton" <[log in to unmask]>
> > Cc: "Mailbase" <[log in to unmask]>
> > Sent: Wednesday, May 30, 2001 11:17 PM
> > Subject: RE: Subject Access - 7(4b) and Section 35(2)
> >
> >
> > > Ian
> > >
> > > Don't you love this Act, who can ever be certain they have the right
> > > process.
> > >
> > > Classic link is witness data. Such information is used in areas such
as
> > > Insurance claims. I would not supply any data to the data subject
which
> > > allows the identity of a witness to be known by the data
> > subject unless I
> > > was certain from my records they already knew the identity e.g. Case
has
> > > been to court or in the press. If I was certain they knew this persons
> > > identity I am applying 7(4)b as it is pointless to seek
> > consent. If I was
> > > not certain the identity is known I would first go to 7(5)and
> > edit and if
> > > that did not work I would go to 7(4)a - can I get consent. If this
not
> > > possible I would decline supply 7(4)
> > >
> > > Joint contracts for Insurance another example where both parties have
an
> > > interest in the insurance. It is reasonable to assume each knows the
> > others
> > > identity given it is a joint contract therefore do not need to seek
> > consent
> > > to disclose the other parties name or contract factors each knows.
Again
> > Im
> > > relying on 7(4)b when supplying.
> > >
> > > In practice advices are always try to remove names of anyone other
than
> > the
> > > data subject or own staff before supply but the context, as you
> > know, may
> > > lead them to identify another individual. In such cases we try to
remove
> > as
> > > much as possible keeping as evidence a copy of the the original
position
> > pre
> > > edit with the data subject request file to enable the position to be
> > > scrutinised as 'fair' should a challenge occur through the
commissioner.
> > > Here we are applying 7(5)
> > >
> > > Hope this assists
> > >
> > > David Wyatt
> > >
> > > > -----Original Message-----
> > > > From: This list is for those interested in Data Protection issues
> > > > [mailto:[log in to unmask]]On Behalf Of Ian Welton
> > > > Sent: 30 May 2001 20:18
> > > > To: [log in to unmask]
> > > > Subject: Subject Access - 7(4b) and Section 35(2)
> > > >
> > > >
> > > > Is there any guidance, or has anybody dealt with any subject
> > > > access request
> > > > the response of which will probably be directly used in legal
> > proceedings?
> > > >
> > > > If so has the question of " it is reasonable in all the
> > circumstances to
> > > > comply with the request without the consent of the other
> > > > individual" arisen,
> > > > where the answer to that question has been affected by the
> > > > eventual purpose
> > > > and knowledge of the data subject making the request, and the
> > solicitor
> > > > acting on their behalf already have?
> > > >
> > > >
> > > > Ian W.
> > > >
> > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > If you wish to leave this list please send the command
> > > > leave data-protection to [log in to unmask]
> > > > All user commands can be found at : -
> > > > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > > > all commands go to [log in to unmask] not the list please!
> > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > >
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > all commands go to [log in to unmask] not the list please!
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|