Would also like to respectfully disagree with Ian's comment in a similar way
to Peter's opinion below. Sometimes an organisation might have to take into
account the wider picture, for instance, the possibility of recriminatory
actions as a result of disclosure, viz the following (genuine, but seriously
abridged) scenario:-
There is a SAR for a case involving estranged partners where one has made
allegations against the other. The requester knows who made the allegations
and asks for the data. There is a duty of confidentiality to the the person
making allegations & with respect to advice given, yet the requester is
clearly also a data subject. A database search by the requester's name
reveals the relevant records although the parties do not have a surname in
common.
To disclose third party data in this case, on the grounds that it was
plainly evident that the requester did indeed know who made the allegations,
would have broken client confidentiality and shirked contributory
responsibility for any subsequent outcome - e.g. possibly including
violence, legal proceedings, etc.
Cowardice or pragmatism?
-----Original Message-----
From: Peter Wilson [mailto:[log in to unmask]]
Sent: 09 March 2001 09:42
To: [log in to unmask]
Subject: Re: Fees for subject access
Ian wrote - Unless of course the data subject already knows the identity of
these third parties in which case there is no reason to withhold nor even to
seek consent.........
Disagree - The subject may well know the identity of TP. It is the data that
is the key. If after reading the reference you feel that releasing would
not come back to haunt YOU (from TP) Release . (I & you know there
shouldn't be - but - heh this is the REAL world.) If however you feel
there might be something, and after asking the TP for consent which is not
given - it would be a very brave DPO who would release. Your call.
Peter
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Peter Wilson
Data Protection Officer
University of Paisley
Legal disclaimer
--------------------------
The information transmitted is the property of the University of Paisley and
is intended only for the person or entity
to which it is addressed and may contain confidential and/or privileged
material. Statements and opinions expressed in this
e-mail may not represent those of the company. Any review, retransmission,
dissemination and other use of, or taking
of any action in reliance upon, this information by persons or entities
other than the intended recipient is prohibited.
If you received this in error, please contact the sender immediately and
delete the material from any computer.
--------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|