Whilst not wishing to disagree with the advice given by Ian Buckland, I
think it should be borne in mind that it assumes that the Information
Commissioner's interpretation of Schedule 7 and s.7 will be accepted in a
court of law. It may not be. The text of the DPA and comments in a
Government paper that preceded it allow for arguments of statutory
interpretation that would not produce the interpretation that the
Commissioner has adopted: that confidential references are protected in the
hands of the sender but not (subject to protection of third parties) in the
hands of the recipient. One point that a court would have to address is
whether an opinion expressed by A about B is information about A. The
Information Commissioner assumes that A's identity is information about A,
but that A's opinion about B is not.
Until such time as there is a test case, the Commissioner's advice is the
most authoritative guidance available, but I am sure that the Commissioner
would be the first to acknowledge that it is not legally binding.
Rosemary Pattenden
----- Original Message -----
From: <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, April 23, 2002 8:53 AM
Subject: References/Confidential References
> Dear All
>
> There is obviously some confusion around, probably due to misunderstandings
> of the terms used by enquirers at the beginning of these threads.
>
> First of all, a distinction needs to be made between information *from* a
> third party and information *about* the third party.
>
> Outgoing References:
> Where a reference is given by the data controller (assuming this is the
> employer or former employer) there is no automatic exemption from subject
> access rights. The exemption applies only where the reference is given in
> confidence. Just because the word "confidential" is written at the top does
> not necessarily establish this as fact. Take for example the case where the
> reference is a standard one written for all employees, or where the stated
> policy of the organisation is that all outgoing references are to be "open
> references" - ie available to the employee. Personal references written by
> managers or supervisors (eg "these are my opinions and not those of the
> company") and the references are put on the employee's file, these are not
> confidential references written by the data controller and therefore cannot
> be withheld. If such a reference contains work information about the
> employee, it could well be an illegal disclosure if the manager/supervisor is
> not authorised to disclose it.
>
>
> Incoming References:
> Where an incoming reference is received from, and on behalf of, a limited
> company, and the only personal identifier on it is the authorised signatory
> of the company, the reference could be disclosed without any consent provided
> the signature was erased or blocked out.
>
> Where the incoming reference contains the personal views and opinions of an
> individual (a person protected by the DPA) then consent should be sought
> before the person's name (or other identifiers) are released - or not
> released, depending on whether it is reasonable in the circumstances. Even
> if consent is withheld, and it is deemed a reasonable refusal, the body of
> the letter would still have to be disclosed provided you could do so without
> identifying the protected third party.
>
> If, as an example, the reference included the words "Ian worked directly
> below me and he was rubbish at his job", the words "worked directly below me"
> could be erased or blocked and the text could be disclosed.
>
> I would advise that whichever way you go, record very carefully any attempts
> you make to obtain consent to release the person's identity and the reasons
> for disclosure or non-disclosure of the personal identifier.
>
> In either case, the body of the reference should be given if the information
> does not reveal the identity of another person.
>
>
> Ian Buckland
> Managing Director
> Keep IT Legal Ltd
>
> Please Note: The information contained in this document does not replace or
> negate the need for proper legal advice and/or representation. It is
> essential that you do not rely upon any advice given without contacting your
> solicitor. If you need further explanation of any points raised please
> contact Keep I.T. Legal Ltd at the address below:
>
> 55 Curbar Curve
> Inkersall, Chesterfield
> Derbyshire S43 3HP
> (Reg 3822335)
> Tel: 01246 473999
> Fax: 01246 470742
> E-mail: [log in to unmask]
> Website: www.keepitlegal.co.uk
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>