Paul
Regards defining processing as 'compatible with purpose'. Here lies the
challenge for any DPA officer. Identifying data controllers / processors and
purposes in any given situation can be complex let alone identifying if
processing is compatible with those purposes. You could have an army of
lawyers on the question and still be wrong although chances should be
reduced.
The decision can be fundamental part of deciding compensatory issues or
indeed criminal offences e.g. unauthorised disclosure.
Someone, and it usually starts with the DP officer, within an organisation
has to argue everything is compatible with whatever purpose the organisation
has decided to advise the individual about and, where applicable,
registered. Some arguments are stronger than others and some appear to not
work at all.
I find I have several differences of opinion with others in my sector on
such issues. It is this which makes a DPA job challenging. (as oppposed to
'rewarding' as that depends on your perspective.) What qualifications /
experience are required as a minimum competency level for any DPA officer
who has to decide processing is compatible with purpose?
Does the Commissioner decide if any given processing is a compatible a
purpose or a court / tribunal?
My feel is that it must be the court / tribunal (Right to fair trail under
Human Rights and all that) although the Commisioners view would carry
substantial weight in any decision made in this fashion. Of course your
organisations senior management may take the 'discretion is the better part
of valour' approach amd concede position at an enforcement stage before
court / tribunal proceedings are invoked given it may be perceived as the
cheaper option. All comes down to money in the end.
Be interested in any others views whether the decisions are actually with
the Commissioner or Court / Tribunals on deciding 'processing compatibility
with purpose'
David Wyatt
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Paul Ticher
> Sent: 04 July 2001 12:53
> To: [log in to unmask]
> Subject: Re: Passing info on - without consent?
>
>
> Irene,
>
> There are several issues here:
>
> 1) In order for processing to be fair the data subject should know what
> is going on. So you (almost) ALWAYS have to make sure that they are aware
> that a particular type of use or disclosure might take place.
>
> 2) In addition you have to meet the Schedule 2 Conditions. Consent is
> one of these, but if you meet one of the others you don't need consent.
> What I think you mustn't do is ask for consent, have it withheld, and then
> say 'Well, we meet one of the other conditions, so we didn't need consent
> anyway' because that would almost certainly be 'unfair'.
>
> 3) You then have to ensure that all your processing is
> 'compatible' with
> the purpose(s) you originally obtained the data for. In a way this goes
> back to what you told people when you obtained it.
>
> So, consent for the kind of things you mention: probably not needed,
> provided the Data Subject knows what's going on and what you're doing is
> compatible with your purpose(s).
>
> Anyone like to have a go at defining 'compatible' here?
>
> Paul Ticher
> Information Management
> 0116 273 8191
> 22 Stoughton Drive North, Leicester LE5 5UB
>
> ----- Original Message -----
> From: Irene Bruce <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: 03 July 2001 17:05
> Subject: Passing info on - without consent?
>
>
> > Hi
> >
> > Can anyone offer some advice on the following queries:
> >
> > Is it necessary to seek an individuals permission, before
> circulating any
> > personal information about them to other people? (academic staff to
> > management back to academic staff regarding a student)
> >
> > If a member of staff circulates personal information about a student to
> > other members of staff within the institution without that students
> consent,
> > does this constitute a breach of the data protection act?
> >
> > I thought it would depend on what type of information and if it was
> relevant
> > to the student and their course work then permission would not be
> required.
> > When would the institution require to obtain consent from
> student to pass
> > information on. Surely if they sign a DP declaration form when
> matriculating
> > then they are in effect signing themselves up for the "rules" of the
> > institution. This query keeps coming up. Would the guidance
> be different
> > if it was relating to either grievance, discipline or harassment
> > complaints??????????????????
> >
> > Any advice??
> >
> > Irene
> >
> > IRENE BRUCE
> > Assistant Company Secretary
> > Glasgow School of Art
> > 167 Renfrew Street
> > Glasgow
> > G3 6RQ
> >
> > Tel: 0141 353 4518
> > Fax: 0141 353 4540
> > e.mail:[log in to unmask]
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > all commands go to [log in to unmask] not the list please!
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|