All
I can't believe it - but I have had a response already:

"Thank you for your letter of 17 October about the VWM lists. Taking your
questions in turn:

1. You ask about using the Section 29(1) exemption from fair processing to
avoid telling an individual that they are considered to be potentially
violent in cases where the data controller considers the situation would be
further exacerbated by doing so. The scenario you mention is where the
incident that gave rise to potentially violent considerations has led to
criminal charges.

  Section 29(1) does indeed provide such an exemption, if telling the
individual is likely to prejudice the prevention of crime, i.e. generate a
further assault on a member of staff. But, as with any use of Section 29,
it is for the data controller to be sure that they can justify the use of
the exemption on a case by case basis and I have to say that in the scenario
you describe, I do struggle to see how, as criminal charges have been laid,
telling an individual that he has been listed as being a threat to staff
will actually justify use of Section(1). However, if the data controller
can argue that Section 29(1) is appropriate, on a case by case basis, so be
it.

2. You go on to ask about the situation where Section 29(1) has been used
to avoid telling an individual that they are considered to be potentially
violent, and the individual puts in a subject access request.

  Exactly the same considerations with question 1 apply. Section 29(1)
provides an exemption from subject access under exactly the same
circumstances as from fair processing. I should add however that any
decision to withhold information following receipt of a subject access
request will be easy to make if the decision to not inform the individual
that they are considered to be potentially violent is properly documented.

3. You ask about the position if the individual seeks a court order to find
out whether or not they are listed as being potentially violent.

  I would suggest here that it is not a question of trying to use Section
29(1) to withhold information when a court has ordered it to be disclosed,
rather it is that the data controller should be chalenging the court order.

4. You raise the question of sharing the information on those considered to
be potentially violent with other data controllers.

   I am not sure I can add anything further to our advice sheet (the section
on Passing the Information to Other Organisations). I do feel this explains
our position in some detail.

5. Finally, you ask about sharing of information within a Council, i.e.
between Departments.

  The relevant part of the guidance is Security. In addition to security
considerations there are also fair processing considerations, in that for
processing to be fair only those who have a need to see personal data should
see it.

  It is for the data controller, the Council, to decide how best to balance
the rights of individuals to privacy (by getting security right and by
ensuring fair processing) against the employers' responsibility to ensure
their staff are safe. Allowing all employees unrestricted access to a
central database of those considered to be potentially violent will be
unlikely to be secure and fair. However, the data controller does need to
ensure that those employees making home visits or working in open plan
caller areas are aware that individuals are a potential danger and can take
steps to reduce the risks to themselves, i.e. by interviewing in screened
rooms etc. How the Council ensures only those employees who need to know
get to know is a matter for the Council.

  Finally, there is no problem as I see it in a Council having one list of
those considered to be potentially violent. The Council is after all one
data controller, has a duty to protect its employees, and if in contact with
an individual considered to be potentially violent in one situation (eg
housing benefit) may well also be in contact with that individual in other
circumstances (eg council tax). I therefore see no bar to a council having
one list.

I hope this response is of some use.
Yours sincerely
Peter Bloomfield (Senior Compliance Manager)



**********************************************************************
This email is privileged, confidential and subject to copyright.
Any unauthorised use or disclosure of its content is prohibited.
The views expressed in this communication may not necessarily
be the views held by Scottish Borders Council
**********************************************************************

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^