s 7(4) of the Act says that you do not have to release information relating
to another individual unless the other individual has consented, or it is
reasonable in all the circumstances to provide the information without the
consent of the other individual. In practice, in situations like yours, I
translate this to mean:
1. The data subject is only entitled to informamtion about themselves, so
any information exclusively about a third party (even if that third party is
their partner) should be blanked out. However, much information will be
about both parties, so then I apply the following steps.
2. If the person making the request already legitimately has the information
about the third party then I will provide it without seeking the consent of
the third party. In your case, if the parties have entered into an
insurance policy together, I would provide the policy and any other
documents that both have signed or that I know both have already seen
without blanking out any names.
3. If there is information about a third party (eg a letter from that person
about the other person) and I have no evidence that the person making the
request has already seen the information, then I would write and seek the
third party's views on the disclosure of the information to the individual.
4. If the third party objects, I would look to see if I can provide the
information in an anonymised form. This does not mean simply blanking out
names, but also blanking out any information that would identify the third
party. In the case of a joint insurance policy, I think it is unlikely that
you would be able to effectively anonymise the information.
5. If I cannot anonymise the information, then I will look at the third
party's reasons for objecting to the disclosure to assess whether it would
be 'reasonable in all the circumstances' to disclose the information without
consent. In all the cases I have dealt with so far, it has not been
reasonable to disregard the third party's wishes and I have not disclosed
the third party information.
Susan.
-----Original Message-----
From: Clare Bond [mailto:[log in to unmask]]
Sent: 09 Oct 2002 09:27
To: [log in to unmask]
Subject: DSAR
What should you send when you receive a DSAR for an individual who has a
joint policy?
Do you block out all reference to the other policyholder?
I would be grateful for your thoughts.
Clare
**********************************************************************
Copyright in this message and any attachments remains with us. It is
confidential and may be legally privileged. If this message is not
intended for you it must not be read, copied or used by you or
disclosed to anyone else. Please advise the sender immediately if
you have received this message in error.
Although this message and any attachments are believed to be free of
any virus or other defect that might affect any computer system into
which it is received and opened it is the responsibility of the
recipient to ensure that it is virus free and no responsibility
is accepted by Cornhill Insurance PLC for any loss or damage in any
way arising from its use.
Cornhill Insurance Plc, Registered in England number 84638,
Registered Office 32 Cornhill, London EC3V 3LJ.
Member of the General Insurance Standards Council for general insurance
business.
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|