We've had this discussion or ones like it more than once before - there's a large volume of messages in the archives, much of it about the specific context of HE, internal references etc!
In my view the original question was wrongly framed. Section 7(4) says that a data controller "is not obliged to comply with the request unless-
(a) the other individual has consented to the disclosure of the information to the person making the request, or
(b) it is reasonable in all the circumstances to comply with the request without the consent of the other individual".
So, to unpick the wording, the data controller is "obliged to comply" where it is "reasonable in all the circumstances". It seems to me the original question boiled down to 'how can we withhold this info?' Instead we need to be looking at the reasonableness of disclosing.
Perhaps Rosemary Pattenden needs to tell us the context she was considering. An HEI is a public authority, so Human Rights Act, Freedom of Information Act and other considerations are going to loom large when you take important decisions about people on the basis of secret information.
Paul
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|