-----Original Message-----
From: GRAHAM Susan
Sent: 02 December 2002 16:14
To: [log in to unmask]
Subject: RE: [data-protection] DSAR & Structured Files
Clare
Different people adopt different approaches to what is a 'structured
manual file'. In the debates introducing the DP Bill to the House of
Lords, the government specifically said that the kind of file you are
talking was not a 'structured manual file'. However, the Information
Commissioner does not accept this. So far as I know there is no case
law on the subject, so who is right and who is wrong has not been
tested. Many organisations adopt a cautious approach because they don't
want to be the first test case.
When defining what is or is not a 'relevant filing system', some people
also say that there needs to be a set of files before the data is caught
in the definition. That is, if you hav one file about one person
(whether indexed, sub-divided or not), then it is not a 'relevant filing
system', BUT if you have a set of files, for example with each one about
a different person, then it may be a relevant filing system (subject to
the point about internal structure). Again, there is no case law.
On your second question, I would include any information about the
client where he is a clearly identifiable individual, regardless of
whether the context was his work as director or not. It is still
personal data, even if someone is acting in their official capacity.
However, I would not include any information about the company. For
example, I would exclude the statement, 'The company's results have been
affected by poor leadership', but I would include, 'The director's poor
leadership has been a direct cause of the company's poor results'.
Susan Graham
-----Original Message-----
From: Clare Bond [mailto:[log in to unmask]]
Sent: 02 December 2002 14:40
To: [log in to unmask]
Subject: [data-protection] DSAR & Structured Files
I would appreciate your opinion on what is a "structured manual file".
How does this definition apply to Data Subject Access Requests? If I
hold a file on an individual, but the content of the file is not
structured (i.e. no index or set order), then would I need to include
this information in response to a DSAR?
Also, when receiving a DSAR for an individual who is also a director of
a limited company, where do you draw the line between personal data
(that must be released) and business data? Would you withhold the
information relating to the client as the Director, but reveal personal
information such as the director, Mr Smith, is a family man who likes
playing golf?
I would appreciate your comments & thoughts on the above.
Kind regards,
Clare
Clare Bond
Compliance Officer
Cornhill Insurance PLC
* 57 Ladymead, Guildford, Surrey, GU1 1DB
* Tel: 01483 55 2887
* Fax: 01483 55 2946
* Email: [log in to unmask]
**********************************************************************
Copyright in this message and any attachments remains with us. It is
confidential and may be legally privileged. If this message is not
intended for you it must not be read, copied or used by you or disclosed
to anyone else. Please advise the sender immediately if you have
received this message in error.
Although this message and any attachments are believed to be free of any
virus or other defect that might affect any computer system into which
it is received and opened it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
Cornhill Insurance plc for any loss or damage in any way arising from
its use.
Cornhill Insurance plc, Registered in England number 84638, Registered
Office 32 Cornhill, London EC3V 3LJ.
Cornhill Insurance plc is regulated by the Financial Services Authority.
Member of the General Insurance Standards Council for general insurance
business.
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|