Gail
My observations on your enquiry.
Individuals have a right to be informed at collection (Sch 1 Part II Section
2 (3) d) X Ref Art 10 and 11 EC Dir 95/46
a) recipients or catagories of recipients (disclosures to employees of data
controller appears sufficient if that is extent of disclosures) So they
should already know at subject access point.
Under subject access rights DPA Section 7 1 b iii they have right to be
given same information (recipients or classes of recipients of their data)
They are not entitled to the names of those recipients unless the staff
member (other individual) has consented or it is reasonable to supply in the
circumstances without consent (Section 7 4 b).
Most employees know they are processing personal data as representative of
the employer so may accept disclosures of their name as reasonable.
Suppressing them can be substantial manual admin at subject access stage.
However you need to consider context. e.g. With Insurance claims some
claimants can be threatening to individual employees so not disclosing the
employee name is a prudent step. There are probably many parallels to this
in other daat subject data controller relationships. When controlling the
admin process we always suppressed employee identity rather than assume
employees would give consent if asked. This is not an easy process
particulary with policy transaction logs where a client may have dealt with
many different staff or more over a period of their contract. eg. Life
contracts run for many years and at only 4 queries per annum over 20 years
may yield 80 different employee contacts names to be screened. On general
insurance many more contacts can occur over a shorter period especially when
claims arise.
Hope this assists
David Wyatt
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of
> [log in to unmask]
> Sent: 22 February 2002 09:26
> To: [log in to unmask]
> Subject: 'Blind' copies
>
>
> I wondered what your views were about the practice of 'blind' copying
> information. We are dealing with a subject access request where we will be
> providing copies of information from manual files which the
> individual will
> now see have been 'blind' copied to members of staff who needed
> to be aware
> of it. It seems to me that this is perhaps bad practice but is it anything
> more?
> Gail Waters
> DP Coordinator
> Open University
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|