In a message dated 26/04/2001 22:42:43 GMT Daylight Time,
[log in to unmask] writes:
<< However, our legal advice on the same point you made
> about the central collection pilot last year is quite clear - it is not
> for institutions to decide whether or not the information requested by the
> funding council is required for the exercise of its functions. That
> decision is clearly for the funding council - subject to the view of a
> court of course. >>
---------------------------------
It appears to me that what needs to happen in this case, to appease both
sides, is for the letter from the council to state that the institution is
REQUIRED, not "requested", to disclose the personal data under the specified
legislation.
That way, the HEI has a piece of paper to cover its backside (excuse my
french) and the HEFCE gets its data without the consent of the data subject.
The HEI would not need to assess whether the request is "reasonable" - only
whether the legislation specified does actually require the disclosure of
personal data.
If you are not convinced that the legislation says that the personal data is
required then of course you can let the courts sort it out. In my own view,
the use of Schedule 1 of the Act as an argument on the functions of the
council falls flat because it refers specifically to property and funding.
This is clearly an efficiency exercise under s83.
As to whether the demand for these personal details under s83 is reasonable,
as I said, only the courts can decide - but clearly this should be sorted
before any harm is done to the data subject, not afterwards.
-----
Further, on the advice from Ian Goss:
> Institutions do not need the consent of their graduates in order to pass
> the information requested to HEFCE. However, for their own assurance,
> institutions may wish to:
> * Advise their existing and prospective students (and staff if this
> does not already happen, e.g. for RAE purposes) that some personal data
> may be transferred to HESA, HEFCE and other bodies to enable them to carry
out
> their statutory functions.
> * Updating their own DP registration to ensure that the obligation to
> provide data to such bodies is more clearly described.
>
If the information is required under this legislation, I doubt that either of
the above is necessary. I am under the impression that disclosures required
by law do not have to be registered, and that in such circumstances you don't
have to be "fair" to the individual.
Ian Buckland
MD
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|