"Broom, Doreen" <[log in to unmask]> on
Wednesday, September 26, 2001 4:31 PM stated

>....so at the moment no
> to sharing of data unless consent has been received...

Is sharing not possible under the DPA 1998 without consent?  For instance if
the correctly restrictive data processor agreements regarding the use of the
shared data exist?

Schedule 1 paragraphs 11 and 12 clearly enable it to my mind.  It seems to
be a matter of formulating an agreement reflecting the original purpose the
data was collected, identifying the link to the shared processing, stating
the limitations and security requirements following a risk assessment of the
proposed site of the processing, and  then on an ongoing basis ensuring the
agreed restrictions are complied with.

Enough to keep busy with but achievable.

Ian W

----- Original Message -----
From: "Broom, Doreen" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, September 26, 2001 4:31 PM
Subject: Re: British Standard for Identifying a citizen


> Hi All
> I am no fortune teller but I can see a re-write of the DPA.  Everyone up
> here is waffling on about FOI and sharing of information and in my little
> voice - what about DP....ah well but until someone tells me otherwise I
> shall stick to the principles of the current DP Act ....so at the moment
no
> to sharing of data unless consent has been received...
> D
>
>
>
> > -----Original Message-----
> > From: Lewis Bourne [SMTP:[log in to unmask]]
> > Sent: 26 September 2001 15:01
> > To:   [log in to unmask]
> > Subject:      British Standard for Identifying a citizen
> >
> > Perhaps members would be interested in commenting on the following:
> >
> > I have been contacted by a colleague who is working in a virtual working
> > party tasked with developing BS8766 "Identification and referencing of
> > the citizen" naming standard.
> >
> > This is still a concept with no specific timeframe but has been given
> > added vitality by recent comments about a national I.D card.
> >
> > The concept is being driven by the I&DeA  (Improvement and development
> > agency) and their aspiration to have a National name and address
> > database.  It is also linked in with the National Electronic Electoral
> > Rolling Register.
> >
> > The bottom line in all this is that citizens can inform local or central
> > government once about e.g. a move of house or any other life event and
> > everyone will be informed in one go.
> >
> > The national address convention already exists. What BS8766 aims to do
> > is to introduce a convention for identifying a citizen.  This standard
> > is still very much in a consultative stage (smoke filled rooms).  My
> > initial comment was "Has the group had any Data Protection input"
> > comment received was "DPA has been mentioned and the idea would be that
> > the framework will only be put in place if citizens give consent!!"
> >
> > The I&DeA are being driven by Local Authorities.  I am led to believe
> > that Central Government is doing a similar thing through UK Online -
> > somewhere, somehow the two may come together.  My concern is that this
> > process may be overlooking the requirements of the Data Protection Act.
> >
> >
> > For your additional information I have reproduced a draft 'table' that
> > covers the suggested format of recording a citizens name record and,
> > also some "virtual working group" ideas for how citizens can be
> > referenced locally:
> >
> > The groups comments re: the DP consequences of such a concept would be
> > useful
> >
> > DATA ITEM:              Proposed Field Name:            Field Length:
> > Mandatory Y/N:  Format/comments:
> >
> > Unique Pupil            PUPILUPN                        13
> > N                       Could be used as
> > Number
> > identifier for school
> >
> > age citizens.
> >
> > National                        NATINSNO                        ?
> > N                       Where available, and
> > Insurance
> > citizen permits use
> > Number
> > can be used as
> >
> > identifier, may be used
> >
> > in combination with
> >
> > other identifiers.
> >
> > DVLA Drivers
> > licence number          DVLALICNO                       ?
> > N                       Where available and
> >
> > citzen permits use.
> >
> > Passport Number PASSPRTNO                       ?
> > N                       Where available and
> >
> > citizen permits use.
> >
> > Electoral Roll
> > Number                  ELEROLLNO                       ?
> > N                       Where available and
> >
> > citizen permits use.
> >
> > Unique Tax
> > Reference               UNIQTAX                 ?
> > N                       Where available and
> >
> > citizen permits use.
> >
> > Last Name               LASTNAME                        30
> > Y                       Legal last name.
> >
> > First Name              FIRSTNAME                       15
> > N                       Full first name.
> >
> > Other Names                                             25
> > N                       Any character string
> >
> > Date of Birth           DOB                             8
> > Y                       Date format
> >
> > ddmmyyyy
> >
> > other info is Gender, Former names, Ethnicity, Nationality, mother
> > tongue, preferred language, refugee indicator, Religious affiliation,
> > medical conditions, various property details.
> >
> > You get the idea!
> >
> >
> > My initial thoughts go along the lines of Fairness - how will all this
> > be obtained?, lawful - 'general identifiers' NO even if 'citizen' gives
> > consent.  Excessive - is all this required for the business purpose (is
> > the purpose transparent?).  Need I go on?
> >
> > Any views.
> >
> > Lewis Bourne
> > Principal Information Security Officer
> > I.C.T. Services
> >
> >
> >
> > This e-mail contains proprietary information some of which
> > or all of which may be legally privileged.  It is for the
> > intended recipient only.  If an addressing or transmission
> > error has misdirected the e-mail, please notify the author by
> > replying to this email.  If you are not the intended recipient
> > you must not use, disclose, distribute, copy, print or rely
> > on this e-mail.
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >     If you wish to leave this list please send the command
> >        leave data-protection to [log in to unmask]
> >             All user commands can be found at : -
> >     www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > all commands go to [log in to unmask] not the list please!
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
> **********************************************************************
> This email is privileged, confidential and subject to copyright.
> Any unauthorised use or disclosure of its content is prohibited.
> The views expressed in this communication may not necessarily
> be the views held by Scottish Borders Council
> **********************************************************************
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>     www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^