Extending this thread with the result of some discussions which took place
off list:-
A description of crime and disorder partnership data sharing (where personal
data is involved rather than statistical) is a good example of why the
question:-
> ..... the logical implementation of legislation together with a
> code of practice
> and guidance, with the appropriate controls, via computerisation;.........
was put.
The differences personally perceived between a computerised and human
interface for information exchange betwixt organisations are a more
structured access, with (potentially) inherently less scope for flexibility
in the type of data exchanged, and (possibly) more accountability.
(Dependent on individual factors within any computerisation project
implementation.)
However, it is my perception that the volume of enquiries would naturally
increase, thereby creating a more controlled environment for data
controllers and data subjects - one logical legal code being supported and
strengthened by a logically structured and secured implementation method.
(My perception of an increase in volume is based upon the usefulness and
financial cost of implementing such schemes, if they were not widely useful
and cost effective in some way, they would not be worth undertaking.)
Fair obtaining and use remains an issue as I see it, with section 29
becoming applicable only to the individual enquiries which would justify
that exemption, otherwise any such system processing personal data, itself
becomes a fishing expedition.
How are the fair obtaining and use for purpose issues being effectively
dealt with in these matters out there?
Or do robust generic arguments exist to meet the all the relevant DP
principles?
Upholding the data subjects rights, or a wing and a prayer?
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Ian Welton
> Sent: 05 March 2003 14:14
> To: [log in to unmask]
> Subject: Re: Another Police one...
>
>
> What difference is there between:-
>
> the logical implementation of legislation together with a
> code of practice
> and guidance, with the appropriate controls, via computerisation;
> and
> the logical implementation of legislation together with a
> code of practice
> and guidance, with the appropriate controls, via other means?
>
>
> On another tack. It could be that the police have a
> particular suspect they
> are interested in, and are attempting to protect that
> individual, disguise
> by volume, in requesting all the data. Do they trust the
> organisation they
> are makin the request of, to keep such particularly damaging
> and sensitive
> information secret?
>
> Does the organisation they are making the request of trust
> them enough to
> provide the material in the given circumstances?
>
> Sounds like the DP officers of the two organisations may need
> to converse.
>
> Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|