Thomas
Yes, but it does not follow that the identity of the appraisor is available
under subject access as compliance with DPA Section 7 (4) (5) is still
required in relation to the appraisor (as opposed to the appraisee) rights
as data subjects.
Some observations
There is a legal relationship between the employer who introduces the 360
Appraisal system and the service provider of that system to the employer.
There is therefore in my view a data controller processor relationship. This
leaves employer legally responsible for managing SAR processes and indeed
all aspects of DPA compliance including directing the security process via
written contract.
In operating such a system there are two data subject types the appraisee
and the appraisor with differing sets of personal data held on each to make
the system operate. Eg Security and authentication of parties for integrity
and communication.
So you need to consider the principles in relation to each type and all data
held. A common service element in a 360 degree appraisal appears to be
protecting the identity of the appraisor from the appraisee. The argument
being to ensure an honest and constructuve appraisal. However this to my
mind can be a flawed concept given it permits malicious appraisal. Such an
event will be a motivation for subject access requests where damage to an
employees reputation is possible. Existing appraisal systems tend to have
employees signing up to agreeing comments.
An appraisor may be in competition with an appraisee for vacancies within
the data controller organisation as 360 appraisal may not be restricted to a
manager, subordinate relationship. It may be used with subordinate
appraising manager or in peer to peer relationships.
An employer's driver for runing 360 degree appraisals may be one of
containing admin and HR training costs, choosing specialised service
providers to combine, anonymise and deliver a constructive appraisal
summary. However integrity of the data in an appraisal process is vital and
this starts with appraisor content. How this is controlled and evaluated is
a key to ensuring a 360 degree appraisal adds value and is not a disputed
process. My concerns would be how the appraisal can be challenged by
appraisee and how can the data collection and matching processes employed
guarantee integrity.
Typically 360 appraisals should have a data capture protocol to try to
structure opinions allowing summaries of performance against defined
benchmarks. Consents of appraisee and appraisor to processing may be
employed to cover section 12 of DPA.
Appraisals are in the main opinion (but can also be based on performance
facts such as number of sales). Opinions cannot be challenged for accuracy
under DPA. Counter opinions may however have to be held or an erasure
process employed to maintain fairness.
Hope these thoughts assist your appraisal of the process ;-)
David Wyatt
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Thomas Rochford
> Sent: 27 March 2002 14:26
> To: [log in to unmask]
> Subject: SARs and 360 Degree Reviews
>
>
> Dear Colleagues,
>
> My University is about to pilot the use of 360-degree review of
> competencies. As part of this, participants will be asked to complete a
> computer marked evaluation form which includes a number of
> personal details
> relating to them as well as their views on the person they are rating. The
> intention is to return the summarised personal results to the person being
> evaluated and the summarised results for the whole group to the
> group. In no
> case, therefore, should raters be able to be identified, other than by the
> company which is processing the results. Nor should the results of an
> individual evaluation be seen by anyone other than the person being
> evaluated.
>
> My question is this. Can a person who is being rated make a subject access
> request to the company which is processing the results and thus make it
> impossible to guarantee anonymity to those who are doing the rating?
>
> Kindest regards,
> Thomas.
> __________________________________________________________________
> __________
> Thomas Rochford | Phone: +44 (1223) 363271 (Cambridge)
> Director of C & IT Services | +44 (1245) 493131 (Chelmsford)
> Anglia Polytechnic University | Fax: +44 (1223) 417704 (Cambridge)
> East Road | +44 (1245) 490835 (Chelmsford)
> Cambridge CB1 1PT | EMail: [log in to unmask]
> The University is an Exempt Charity
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|