It seems to me that data capable of identifying an individual, and
potentially of a sensitive nature is held by both the originator and
recipient of the reference. I see the individual concerned as having the
perfect right to have access to that reference at either and both ends of
the transmission chain. It is just like ANY piece of data.
I don't understand why Colette says that "The provider of the reference is
exempt from giving the Data subject access to it." But I am very willing to
learn how the provider is exempt.
The scenario of the reference having been shredded gets us into "Enron
territory", and I believe that document destruction in this manner may be
reasonable if it is the custom and practice of the organisation to do this
in every case, and ideally if such custom and practice is documented.
Otherwise I would seek to argue in a court of law that the SAR period plus
50% shoudl elapse between the recording of the data and the shredding. The
50% is to pass a test of "reasonableness"
_____________________________________________________________
Tim Trent
Director of Database Marketing; Chief Privacy Officer EMEA
> Gartner
EMEA Marketing, Tamesis, The Glanty, Egham, Surrey, United Kingdom,
TW20 9AW
Switchboard +44 (0)1784 431 611, Direct Line +44 (0)1784 267 335, Mobile +44
(0)7710 126 618
Visit our home on the web: http://www.gartner.com
The opinions expressed in this message are my own, and may or may not
reflect those of my employer. They are expressed as a part of the
discussion on the JISCMail mailing list on data protection and for no other
purpose. They have no legal standing and are offered as part of informed
and informal discussion. They may NOT be attributed to Gartner in any way.
Any personal data provided is provided expressly for use of discussions on
the JISCMail Data Protection Discussion list. Under the UK Data Protection
Act 1998 I expressly forbid any individual or organisation to make
commercial use of my data published either on the email list or in the
archives of that or other lists whether this message appears or not. This
includes messages already published in the archives.
-----Original Message-----
From: Broom, Doreen [mailto:[log in to unmask]]
Sent: 19 April 2002 08:59
To: [log in to unmask]
Subject: Confidential References
Hi All
An ex-employee has contacted the Council for a copy of a reference which was
given to a prospective employer. I believe the ex-employee did not get the
job and wishes to obtain a copy of the reference the Council gave to that
prospective employer as the ex-employee believes that the reference caused
the ex-employee not to get the job.
Are we as the provider of the reference obliged to give that person a copy
of the reference or should the ex-employee write to the prospective employer
who in turn would have to ask the Council for permission to disclose the
reference but of course the prospective employer did not actually employ the
ex-employee so may not have kept a copy of the reference.
Sorry - it seems a very long saga but any contributions would be gratefully
accepted.
Doreen Broom
Data Administrator
Scottish Borders Council
Council HQ
Newtown St.Boswells
Melrose
Borders TD6 0SA
Tel: 01835 826516
e-mail: [log in to unmask]
**********************************************************************
This email is privileged, confidential and subject to copyright.
Any unauthorised use or disclosure of its content is prohibited.
The views expressed in this communication may not necessarily
be the views held by Scottish Borders Council
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|