Leif Wilks on 17 January 2002 at 08:35 said:-
> The Data Subject is better placed than anybody inside the
> Council to know what contacts there have been.
The issue of contact with the data controller is a key issue which the data
subject is often best placed to know I agree. However:-
1. Would the data subject know of every occasion data about them was
collected from an indirect source?
2. Would the data subject know of each various process/system, any
information collected from them was subsequently processed for/on. (They
should have some idea if principle one is properly implemented, but what if
an exemption or legislative demand is used, to re-use data for another
purpose.)
Whilst recently dealing with a request for information the data subject was
very precise in providing dates and times of contact. However it was clear
that not all the information they appeared to be after could be found. On
approaching the individual for further information it immediately became
very clear that information would be held on systems the individual would
not be aware of, and so would not know to ask for information from.
> Neither can I see why a specific request would be seen as
> more likely than a general one to "lead to
> the destruction of, or non production of, the material they
> are after."
If an individual is making a subject access request because they believe the
organisation has not correctly dealt with them, are they in a trusting frame
of mind? Do people trying to find out when wrongdoing is suspected, which
they might believe is the subject of an organisational cover up, precisely
specify that material which they may be aware of, and believe will prove the
cover up, or are they a little more circumspect, until some trust in what is
happening develops?
Extending this thread slightly. How useful is provision of the notification
to a data subject if they are trying to trace an information flow about
themselves which has been causing them some distress. It certainly would
not allow them to identify and contact any of the recipients and users of
that data (which one could assume is the purpose of the intention of section
7(1b(3))? Can the organisations themselves manage to do that?
Ian W
> -----Original Message-----
> From: Leif Wilks [mailto:[log in to unmask]]
> Sent: 17 January 2002 08:35
> To: [log in to unmask]
> Subject: RE: Supplying information to locate data
>
>
>
> I cannot agree with Ian Welton's point that "The converse of
> that of course is that we expect individuals to known an
> organisations systems as well :-) as people inside the
> business, or deny them their right of access."
> The Data Subject is better placed than anybody inside the
> Council to know what contacts there have been.
> Neither can I see why a specific request would be seen as
> more likely than a general one to "lead to
> the destruction of, or non production of, the material they
> are after."
>
> The Freedom of Information Act explicitly requires the public
> authority to assist the applicant precisely because he or she
> will not know where the information will be. There is no need
> for such a requirement in the DPA because the data subject
> already has a good idea.
> There is no reason to let a person cause a waste of public
> money by searching for non-existent data.
>
> I take Section 7(3) of the DPA to mean what it says.
>
> Leif
>
>
> >>> "Ian Welton" <[log in to unmask]> 01/16/02 07:56pm >>>
> Leif Wilks on 16 January 2002 at 16:58 said:-
>
> > the OIC said quite clearly that we do not need to respond to
> > requests in the form "all the data that you hold" with no
> > indication of where it might be.
>
> The converse of that of course is that we expect individuals
> to known an
> organisations systems as well :-) as people inside the
> business, or deny
> them their right of access.
>
> If a person feels they have a grievance against an
> organisation (and lets
> face it some form of personal disturbance often drives subject access
> requests) they are likely to feel that being too open is
> likely to lead to
> the destruction of, or non production of, the material they
> are after.
>
> When servicing a subject access request is not the work being
> conducted on
> behalf of the data subject?
> If that is so does somebody within the organisation not have
> to assist the
> data subject in finding the data they might be after?
>
>
> Ian W
>
>
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [ mailto:[log in to unmask]]On Behalf Of Leif Wilks
> > Sent: 16 January 2002 16:58
> > To: [log in to unmask]
> > Subject: Re: Supplying information to locate data
> >
> >
> > We seem to be getting conflicting views from the OIC on this.
> > Gill Smith says that their advice is that "if someone asked
> > to see what information the Council held about them but did
> > not give sufficient information to assist you in locating the
> > information, such as connections or relationship with the
> > council, you would
> > still be expected to process their request. You would be
> > expected to search
> > the most obvious information systems (paper, IT, etc) where
> > information
> > about them may be held, (such as the Council Tax database)
> and provide
> > information to them."
> > I was at a meeting some time ago where Peter Bloomfield from
> > the OIC said quite clearly that we do not need to respond to
> > requests in the form "all the data that you hold" with no
> > indication of where it might be.
> > Section 7(3) seems to me to be pretty unambiguous.
> >
> > Leif Wiks
> >
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|