Colette makes the point about confirming the identity of the data subject.
In many cases, the additional information that we ask for to search our
systems, like employee id, NI Number, numerous reference numbers, tenancy
details, school etc. also identifies Joe Soap and makes sure we get the
right Joe Soap, not his father or brother (or even Josephine, his mother).
In a Council context, doing a search across all systems only by name then
disclosing what was found would be very risky. Even if the address matched,
I'd think twice.
Paranoid? Me?
Allan
-----Original Message-----
From: Colette Healiss [mailto:[log in to unmask]]
Sent: Thursday, 17 January 2002 13:16
To: [log in to unmask]
Subject: Re: Supplying information to locate data
My understanding is that the onus is on the data controller to be in a
position to locate where personal information is stored and to make it
available to data subjects on request. The information commissioner
recognises that there may be some difficulty with achieving this but
expects data controllers to do what is reasonable. There is also some
emphasis on the data subject providing adequate information to help
identify important sources of the data they want to access and the data
controller is entitled to satisfy himself of the data subjects identity
before disclosing the information.
Leif Wilks
<leif.wilks@KIRKLEESMC To:
[log in to unmask]
.GOV.UK> cc:
Sent by: This list is Subject: Re: Supplying
information to
for those interested locate data
in Data Protection
issues
<data-protection@JISCM
AIL.AC.UK>
16/01/2002 16:58
Please respond to Leif
Wilks
We seem to be getting conflicting views from the OIC on this.
Gill Smith says that their advice is that "if someone asked to see what
information the Council held about them but did not give sufficient
information to assist you in locating the
information, such as connections or relationship with the council, you
would
still be expected to process their request. You would be expected to
search
the most obvious information systems (paper, IT, etc) where information
about them may be held, (such as the Council Tax database) and provide
information to them."
I was at a meeting some time ago where Peter Bloomfield from the OIC said
quite clearly that we do not need to respond to requests in the form "all
the data that you hold" with no indication of where it might be.
Section 7(3) seems to me to be pretty unambiguous.
Leif Wiks
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4807.2300" name=GENERATOR></HEAD>
<BODY style="MARGIN-TOP: 2px; FONT: 8pt Comic Sans MS; MARGIN-LEFT: 2px">
<DIV><FONT size=2>We seem to be getting conflicting views from the OIC on
this.</FONT></DIV>
<DIV><FONT size=2>Gill Smith says that their advice is that "if
someone asked to see what information the Council held about them but did
not
give sufficient information to assist you in locating the<BR>information,
such
as connections or relationship with the council, you would<BR>still be
expected
to process their request. You would be expected to search<BR>the most
obvious information systems (paper, IT, etc) where information<BR>about
them may
be held, (such as the Council Tax database) and provide<BR>information to
them."</FONT></DIV>
<DIV><FONT size=2>I was at a meeting some time ago where Peter Bloomfield
from
the OIC said quite clearly that we do not need to respond to requests in
the
form "all the data that you hold" with no indication of where it might
be.</FONT></DIV>
<DIV><FONT size=2>Section 7(3) seems to me to be pretty
unambiguous.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Leif Wiks</FONT></DIV>
<DIV><FONT size=2> </DIV>
<DIV><BR></DIV></FONT></BODY></HTML>
***************************************************************************
Disclaimer: This e-mail and any file transmitted with it are confidential,
subject to copyright and intended solely for the use of the individual
or entity to whom they are addressed. It may contain privileged
information.
Any unauthorised review, use, disclosure, distribution or publication is
prohibited.
If you have received this e-mail in error please contact the sender by
reply e-mail and destroy and delete the message and all copies from
your computer.
***************************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************
The information transmitted is intended only
for the person to whom it is addressed and may
contain confidential and/or privileged material.
If you have received this email in error please
notify the Council - see
http://www.east-ayrshire.gov.uk or email
[log in to unmask] - and then
delete all copies of it from your systems.
Any use of, or any action relying upon, this
information by persons other than the intended
recipient is prohibited.
Although East Ayrshire Council scans incoming
and outgoing emails and email attachments for
viruses we cannot guarantee this communication
to be free of all viruses nor accept any
responsibility for viruses.
Although East Ayrshire Council monitors incoming
and outgoing emails for inappropriate content,
the Council cannot be held responsible for the
views or expressions of the author.
The views expressed may not necessarily be those
of East Ayrshire Council and the Council cannot
be held responsible for any loss or injury
resulting from the contents of this message.
**********************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|