Hi Doreen
Thanks for sharing that - very useful info.
Peter Bloomfield seems only to refer to exemptions under Section 29 in
relation to your query. I think there is also the issue of justifying
exemption from the subject information provisions where there is a likely
risk of harm to the data subject or others (in this case your staff). Its
a different issue but I think has a more general application in relation to
use of PVP markers.
I have to say I'm rather surprised by his attitude to sharing PVP markers
across a local authority. The OIC people seem to be getting much more
pragmatic these days don't they ? - no bad thing in my book.
Cheers
Colette
St Helens Council.
"Broom, Doreen"
<[log in to unmask] To: [log in to unmask]
V.UK> cc:
Sent by: This list is Subject: Response from Peter Bloomfield to
for those interested PVPs
in Data Protection
issues
<data-protection@JISCM
AIL.AC.UK>
23/10/2002 09:32
Please respond to
"Broom, Doreen"
All
I can't believe it - but I have had a response already:
"Thank you for your letter of 17 October about the VWM lists. Taking your
questions in turn:
1. You ask about using the Section 29(1) exemption from fair processing to
avoid telling an individual that they are considered to be potentially
violent in cases where the data controller considers the situation would be
further exacerbated by doing so. The scenario you mention is where the
incident that gave rise to potentially violent considerations has led to
criminal charges.
Section 29(1) does indeed provide such an exemption, if telling the
individual is likely to prejudice the prevention of crime, i.e. generate a
further assault on a member of staff. But, as with any use of Section 29,
it is for the data controller to be sure that they can justify the use of
the exemption on a case by case basis and I have to say that in the
scenario
you describe, I do struggle to see how, as criminal charges have been laid,
telling an individual that he has been listed as being a threat to staff
will actually justify use of Section(1). However, if the data controller
can argue that Section 29(1) is appropriate, on a case by case basis, so be
it.
2. You go on to ask about the situation where Section 29(1) has been used
to avoid telling an individual that they are considered to be potentially
violent, and the individual puts in a subject access request.
Exactly the same considerations with question 1 apply. Section 29(1)
provides an exemption from subject access under exactly the same
circumstances as from fair processing. I should add however that any
decision to withhold information following receipt of a subject access
request will be easy to make if the decision to not inform the individual
that they are considered to be potentially violent is properly documented.
3. You ask about the position if the individual seeks a court order to
find
out whether or not they are listed as being potentially violent.
I would suggest here that it is not a question of trying to use Section
29(1) to withhold information when a court has ordered it to be disclosed,
rather it is that the data controller should be chalenging the court order.
4. You raise the question of sharing the information on those considered
to
be potentially violent with other data controllers.
I am not sure I can add anything further to our advice sheet (the
section
on Passing the Information to Other Organisations). I do feel this
explains
our position in some detail.
5. Finally, you ask about sharing of information within a Council, i.e.
between Departments.
The relevant part of the guidance is Security. In addition to security
considerations there are also fair processing considerations, in that for
processing to be fair only those who have a need to see personal data
should
see it.
It is for the data controller, the Council, to decide how best to balance
the rights of individuals to privacy (by getting security right and by
ensuring fair processing) against the employers' responsibility to ensure
their staff are safe. Allowing all employees unrestricted access to a
central database of those considered to be potentially violent will be
unlikely to be secure and fair. However, the data controller does need to
ensure that those employees making home visits or working in open plan
caller areas are aware that individuals are a potential danger and can take
steps to reduce the risks to themselves, i.e. by interviewing in screened
rooms etc. How the Council ensures only those employees who need to know
get to know is a matter for the Council.
Finally, there is no problem as I see it in a Council having one list of
those considered to be potentially violent. The Council is after all one
data controller, has a duty to protect its employees, and if in contact
with
an individual considered to be potentially violent in one situation (eg
housing benefit) may well also be in contact with that individual in other
circumstances (eg council tax). I therefore see no bar to a council having
one list.
I hope this response is of some use.
Yours sincerely
Peter Bloomfield (Senior Compliance Manager)
**********************************************************************
This email is privileged, confidential and subject to copyright.
Any unauthorised use or disclosure of its content is prohibited.
The views expressed in this communication may not necessarily
be the views held by Scottish Borders Council
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***************************************************************************
Disclaimer: This e-mail and any file transmitted with it are confidential,
subject to copyright and intended solely for the use of the individual
or entity to whom they are addressed. It may contain privileged
information.
Any unauthorised review, use, disclosure, distribution or publication is
prohibited.
If you have received this e-mail in error please contact the sender by
reply e-mail and destroy and delete the message and all copies from
your computer.
***************************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|