Maurice,
I think we basically agree, and I do consider that there are cases where it
is wiser not to seek consent. If you KNOW that you intend to use data in a
particular way, it is fairer to tell the person without giving them the
option, rather than give them a spurious choice (for example the cases where
a funding agency makes it a condition of funding that you disclose
client/student/service user details to them). Another clear example is
where you are meeting the third condition - legal requirement. There's no
point in my employer asking for consent to disclose my salary details to the
Inland Revenue because no one has any choice over the matter.
I think your example about the psychiatrist comes into this category. Most
confidentiality policies now make it clear that there are cases where
confidentiality must be breached - child protection, drug dealing, money
laundering, defrauding social security - the list keeps growing. In these
cases, the line is usually to inform the data subject that confidentiality
is going to be broken, but not to ask for consent.
Once the Data Subject knows what's happening, they can raise any objection
they have. You must then take their views into consideration to ensure that
you are still being fair. The most important thing, I think, is not to
deliberately keep people in the dark or do things behind their backs.
People often lose sight of this when they focus on consent, thinking that if
you don't need consent, you don't have to tell the Data Subject either.
I don't think unforeseen circumstances are affected by this line of argument
because, according to the Commissioner's guidance, based on the Directive,
consent must be 'specific' as well as 'informed and freely given'. You
can't ask for 'specific' consent to an unspecified eventuality. In that
case you have to make sure that your disclosure or other use of the data
complies with one of the non-consent conditions, or is exempt, and is
compatible with the purpose as well as being fair overall.
Paul Ticher
Information Management
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: Maurice Frankel <[log in to unmask]>
To: <[log in to unmask]>
Sent: 05 July 2001 12:35
Subject: Re: Passing info on - without consent?
> Paul,
>
> I can see the sense of your point 2 in relation to the example being
> discussed, but I'm not sure about it as a general point. It would
> imply that if you ask for consent, you give the individual an
> _absolute_ veto over disclosure, in all circumstances, even if
> disclosure is in fact 'necessary' for one of the other schedule 2
> purposes (and even in other respects the fairness requirement has
> been met).
>
> The implication of point 2 would be that, if you think disclosure may
> be 'necessary', you should actively _avoid_ seeking consent. Is
> there IC guidance on this?
>
> To take an extreme, but plausible example, this would would mean
> that if a psychiatrist asks a psychiatrically ill and potentially
> dangerous patient for consent to pass information about his
> condition to the GP and the patient refuses, the psychiatrist is
> prohibited from passing the information on - even if this endangers
> other people.
>
> In that case the information would be sensitive data, requiring a
> schedule 3 condition, one of which expressly permits disclosure
> after a refusal of consent [para 3(b) of Schedule 3] suggesting that
> a refusal is not intended to exclude disclosure where is it necessary
> on other grounds.
>
> A similar conclusion could be drawn from s 7(4), which envisages that
> information about a third party who has not consented to disclosure
> (and perhaps even refused it), may be revealed in a subject access
> request if it is still "reasonable in all the circumstances".
>
> Maurice Frankel
> Campaign for Freedom of Information
>
> At 12:53 pm +0100 4/7/01, Paul Ticher wrote:
> >Irene,
> >
> >There are several issues here:
> >
> >1) In order for processing to be fair the data subject should know
what
> >is going on. So you (almost) ALWAYS have to make sure that they are
aware
> >that a particular type of use or disclosure might take place.
> >
> >2) In addition you have to meet the Schedule 2 Conditions. Consent is
> >one of these, but if you meet one of the others you don't need consent.
> >What I think you mustn't do is ask for consent, have it withheld, and
then
> >say 'Well, we meet one of the other conditions, so we didn't need consent
> >anyway' because that would almost certainly be 'unfair'.
> >
> >3) You then have to ensure that all your processing is 'compatible'
with
> >the purpose(s) you originally obtained the data for. In a way this goes
> >back to what you told people when you obtained it.
> >
> >So, consent for the kind of things you mention: probably not needed,
> >provided the Data Subject knows what's going on and what you're doing is
> >compatible with your purpose(s).
> >
> >Anyone like to have a go at defining 'compatible' here?
> >
> >Paul Ticher
> >Information Management
> >0116 273 8191
> >22 Stoughton Drive North, Leicester LE5 5UB
> >
> >----- Original Message -----
> >From: Irene Bruce <[log in to unmask]>
> >To: <[log in to unmask]>
> >Sent: 03 July 2001 17:05
> >Subject: Passing info on - without consent?
> >
> >
> > > Hi
> > >
> > > Can anyone offer some advice on the following queries:
> > >
> > > Is it necessary to seek an individuals permission, before circulating
any
> >> personal information about them to other people? (academic staff to
> >> management back to academic staff regarding a student)
> >>
> >> If a member of staff circulates personal information about a student
to
> >> other members of staff within the institution without that students
> >consent,
> >> does this constitute a breach of the data protection act?
> >>
> >> I thought it would depend on what type of information and if it was
> >relevant
> >> to the student and their course work then permission would not be
> >required.
> >> When would the institution require to obtain consent from student to
pass
> >> information on. Surely if they sign a DP declaration form when
> >matriculating
> >> then they are in effect signing themselves up for the "rules" of the
> >> institution. This query keeps coming up. Would the guidance be
different
> >> if it was relating to either grievance, discipline or harassment
> >> complaints??????????????????
> >>
> >> Any advice??
> > >
> >> Irene
> >>
> >> IRENE BRUCE
> >> Assistant Company Secretary
> >> Glasgow School of Art
> >> 167 Renfrew Street
> >> Glasgow
> >> G3 6RQ
> >>
> >> Tel: 0141 353 4518
> >> Fax: 0141 353 4540
> >> e.mail:[log in to unmask]
> >>
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> If you wish to leave this list please send the command
> >> leave data-protection to [log in to unmask]
> >> All user commands can be found at : -
> >> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> >> all commands go to [log in to unmask] not the list please!
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> >all commands go to [log in to unmask] not the list please!
> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|