The really interesting point is that, in the absence of the tipping off
offence, the Data Controller need not apply the S.29 exemption, give 2
fingers to the police, and grant Subject Access!!
C
-----Original Message-----
From: [log in to unmask]
Sent: 30 January 2002 23:27
To: [log in to unmask]
Subject: Re: Data Subject Access Requests & Police Referrals
Re Martin's point on trying to utilise the section 70 definition.
Would that mean that the 'person making the inquiry in the exercise of any
power conferred by law' then becomes a joint data controller of the audit
trails belonging to the organisation whom the enquiry is made of? It seems
to me to be that if section 70 were interpreted in the context of this
discussion, that strange outcome could arise.
Re Chris's point regarding potential methods of 'not disclosing'.
The exemption decision seems to me to be for the 'data controller' whom the
subject access request has been made to. That controller may need
information from other sources to inform any decision. But if the subject
access response is to contain audit trail data indicating any checks
conducted, and by whom, the final decision is the data controllers is it
not?
Why would it be necessary not to disclose if no prejudice would occur to any
s.29 issue?
Scenario:- An individual 'A' has something happen in their life which is
caused by individual 'B'. 'A' wishes to find out information about 'B' but
that information is not available on systems normally available to them. In
an emotional trauma they complete a s.29 exemption which is submitted to
company 'C' to elicit information about 'B'. Having elicited the
information it is used to prejudice 'B' in some completely deniable way by
'A'. Given that 'A' would not normally have access to that information and
'B' is not aware of any involvement of 'A', one of the few methods by which
'B' may legally find out what has happened is to obtain subject access from
the company(ies) which hold that type of information which prejudiced them.
If the fact that a s.29 disclosure occurred was not disclosed 'B' will never
find out that 'A' had compromised them, and the occurrence of an offence
would potentially never be discovered.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Martin Hoskins
> Sent: 30 January 2002 09:06
> To: [log in to unmask]
> Subject: Re: Data Subject Access Requests & Police Referrals
>
>
> Can I suggest a way to avoid telling the data subject that
> information has
> been passed to the police:
>
> The definition of recipient in the DPA (see sec 70) excludes
> "any person to
> whom disclosure is or may be made as a result of, or with a view to, a
> particular enquiry by or on behalf of that person in the
> exercise of any
> power conferred by law."
>
> While the definition is capable of a range of
> interpretations, it could
> suggest that disclosures to third parties (and law
> enforcement authorities)
> who have a legal right to seek information in the context of
> a particular
> enquiry are disclosures that are not disclosable to a data subject !!
>
> Regards to all
>
> Martin Hoskins
> One 2 One
>
>
> -----Original Message-----
> From: Ian Welton [mailto:[log in to unmask]]
> Sent: 29 January 2002 20:25
> To: [log in to unmask]
> Subject: Re: Data Subject Access Requests & Police Referrals
>
>
> Merely because a s.29 exemption existed at one time does not mean it
> continues to exist.
>
> You would need to have a process in place to contact the policing
> organisation who made any enquiry to determine if a s.29
> exemption could
> still be legitimately claimed.
>
> Ian W
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
******************** E-mail confidentiality notice ********************
This message is intended for the addressee only. It is private,
confidential and may be covered by legal professional privilege or
other legal or attorney/client privilege. If you have received this
message in error, please notify us and remove it from your system.
If you require assistance, please contact our London office
(telephone +44 (0) 20 7490 4000).
Masons is an international law firm with offices in London, Bristol,
Edinburgh, Glasgow, Leeds, Manchester, Brussels, Dublin, Hong Kong,
Guangzhou and Singapore.
Further information about the firm and a list of partners is
available for inspection at 30 Aylesbury Street, London EC1R OER
or from our Web site at www.masons.com
***********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|