Dear Ian
Sorry to rake this up again but I missed last week's discussion as I was
out of the office most of the week.
Just wanted to take issue with you about "confidentiality".
Confidential references given by the data controller
1. Personal data are exempt from section 7 if they consist of a reference given or to be given in confidence by the data controller for the purposes of-
(a) the education, training or employment, or prospective education, training or employment, of the data subject,
(b) the appointment, or prospective appointment, of the data subject to any office, or
(c) the provision, or prospective provision, by the data subject of any service.
Surely the reference is confidential if it is "given in confidence", ie is
provided by the referee direct to the organisation/body making the request
and not via the data subject. In the past this designation meant in
addition that the reference would not be revealed to the data subject.
Although things have changed and some rights of access are now given to the
data subject the type of reference we are talking about is clearly not an
"open" or "standard" one. You are merely muddying the waters by alluding
to them. There is a declared exemption in the legislation from the subject
access provisions for a data controller who provides a confidential
reference.
Don't expect a reply, just wanted to get my twopennyworth in.
Cheers
Colette
[log in to unmask]
Sent by: This list is for those interested in Data Protection issues <data-protection@JISCMAIL.AC.UK>
23/04/2002 08:53
Please respond to KITLegal
To: [log in to unmask]
cc:
Subject: References/Confidential References
Dear All
There is obviously some confusion around, probably due to misunderstandings
of the terms used by enquirers at the beginning of these threads.
First of all, a distinction needs to be made between information *from* a
third party and information *about* the third party.
Outgoing References:
Where a reference is given by the data controller (assuming this is the
employer or former employer) there is no automatic exemption from subject
access rights. The exemption applies only where the reference is given in
confidence. Just because the word "confidential" is written at the top does
not necessarily establish this as fact. Take for example the case where the
reference is a standard one written for all employees, or where the stated
policy of the organisation is that all outgoing references are to be "open
references" - ie available to the employee. Personal references written by
managers or supervisors (eg "these are my opinions and not those of the
company") and the references are put on the employee's file, these are not
confidential references written by the data controller and therefore cannot
be withheld. If such a reference contains work information about the
employee, it could well be an illegal disclosure if the manager/supervisor is
not authorised to disclose it.
Incoming References:
Where an incoming reference is received from, and on behalf of, a limited
company, and the only personal identifier on it is the authorised signatory
of the company, the reference could be disclosed without any consent provided
the signature was erased or blocked out.
Where the incoming reference contains the personal views and opinions of an
individual (a person protected by the DPA) then consent should be sought
before the person's name (or other identifiers) are released - or not
released, depending on whether it is reasonable in the circumstances. Even
if consent is withheld, and it is deemed a reasonable refusal, the body of
the letter would still have to be disclosed provided you could do so without
identifying the protected third party.
If, as an example, the reference included the words "Ian worked directly
below me and he was rubbish at his job", the words "worked directly below me"
could be erased or blocked and the text could be disclosed.
I would advise that whichever way you go, record very carefully any attempts
you make to obtain consent to release the person's identity and the reasons
for disclosure or non-disclosure of the personal identifier.
In either case, the body of the reference should be given if the information
does not reveal the identity of another person.
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^