In a message dated 07/02/2001 09:59:12 GMT Standard Time,
[log in to unmask] gave us Coventry's Consent Clause:

<< Data Protection Act 1998: Consent to process Information

 I understand that the University collects information about all its
 students for various administrative, academic, and health and safety
 reasons. Because of the Data Protection Act 1998 I understand that the
 University requires my consent before it can do this, since it cannot
 operate the institution effectively without processing information about
 me. I therefore agree to the University processing personal data
 contained in my enrolment form, UCAS form or other data which the
 University may obtain from me or other people, whilst I am a student, an
 applicant, or a former student. I agree to the processing of such data
 for any purposes connected with my studies or my health and safety
 whilst on the premises or for any other legitimate reason. In
 particular, I accept the University's policy of releasing personal
 information to authorised bodies such as sponsors, government agencies,
 and present/potential employers, but not to relatives or friends. I also
 agree to the release of my results to my former school/college. I accept
 the University's practice of displaying names on pass lists. I note that
 the only data held on me which constitutes "sensitive data" as defined
 in the above Act comprises my ethnic group and the disability
 classification which I supplied to the University.

 I understand that by registering for the use of University IT facilities
 I will be issued with an email address. I agree to the publication of
 this email address on the University's web site and understand that the
 address will be available world-wide, including in countries where the
 rights of data subjects are not protected by law. I understand that I
 may opt to have my address withheld by contacting the Webmaster in the
 Computing Services Department at the University. >>
----------------
A few minor points:

1)  The Uni will not need consent for all the processing it does, so the
premise contained in the first two sentences is actually incorrect;

2)  Because the statements about other sources and other purposes are so
woolly it is unlikely to qualify as explicit consent (required for the
sensitive data - which incidentally may not be restricted to the categories
listed, what about sickness records, allergies, religious beliefs, trade
union membership for union-sponsored students, offences, etc?);

3)  If the e-mail addresses are ones that identify the individual, it may be
better to include a tick box at this point, rather than asking them to
contact someone else.  Consent is always best obtained at the time of
collection;

4)  Although it seems to be a comprehensive (and long) statement of intent it
is rather lacking in substance and appears to give the Uni "carte blanche" to
process data to their heart's content.  In fact it doesn't but how many
students will realise that?

Ian B
MD
Keep IT Legal Ltd

Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor.  If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:

55 Curbar Curve
Inkersall, Chesterfield
Derbyshire  S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^