I'm afraid I can't agree with group members who have replied indicating that
they tell SAR applicants when they have withheld data. If you are legally
entitled to withhold data then withhold it - telling the applicant that you
have done reveals that this data exists. Given that, in my experience, SARs
almost always come from data subjects who have a grudge then you are just
making the situation worse. To give a photocopy of documents with sections
blanked out seems worst of all!

As it's Friday afternoon let's explore this principle to a silly degree:
"Chummy" is a local criminal with no record - not even a parking ticket.
Local police are aware of his activities and are gathering evidence against
him. Chummy becomes suspicious about the plain vans and cars permanently
parked near his house, the conspicuously innocuous man who seems to turn up
in his local pub every time he (Chummy) is there, and decides maybe the
police are onto him. Being a clued-up kind of a villain he whacks in a
Subject Access Request. The police are, of course, perfectly entitled not to
reveal what data they have about him because they have a legitimate
exemption. But by the logic some people seem to be following they would have
to tell him "we have data about you but we're not going to tell you what it
is". I think it would rather give the game away.

Stuart Cashmore
Information Security Manager
McKesson Information Solutions (UK)
The views expressed in this message are personal, and do not necessarily
reflect those of McKesson or its corporate policy.