An off-list response has disagreed with the previous observations, pointing
out that the ICO has not taken any action, that the recipient would, be
subject to the fair processing notice requirements although disproportionate
effort might kick in, and that the Representation of the People Regulations
2002 contain specific rules for the use of the 'Roll'.
Sounds very much like the points previously made! The principles and
legislation need to be applied, and hence contain the constraints.
Ian W
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Ian Welton
Sent: 04 June 2003 09:50
To: [log in to unmask]
Subject: Re: Disclosing the electoral register
ALASDAIR WARWOOD on 03 June 2003 at 23:38 said:-
> Electoral Roll is not, and never has been, confidential - quite the
> reverse - EROs are required by law to make it public.
I disagree, for the following reasons - Most of the debate so far on this
subject has focused on the use of the Electoral Role within the limitations
of exemptions and other legal instruments.
Is anybody able to point out any provisions, at a level which override the
DPA, and state that the electoral register data can be used and processed
for any purpose whatsoever, by anybody, as it seems to me that the
restrictions are in actual fact the exemptions, and the other existing
legislation, which together determine what that data may be used for. Hence
the use of that data is constrained in many ways.
Notwithstanding that a stated requirement of that data is that it be
'publicly' available, it still has a degree of confidentiality attached to
it, and always has had. The ability and methods of access and restriction
of access to the data historically provided the perceived and necessary
degree of protection. The debate that the data being made publicly
available and hence open to use for any purpose, is in my opinion facile,
principle one and two still apply.
If that perception is correct, then where a new data controller, (e.g. the
person the data is initially disclosed to) uses the data for any purpose
other than what it was legitimately disclosed for, they must be in breach
the DPA provisions, and it is for the ICO, other regulatory body (or data
subject) to act, and the ERO's to make a decision as to whether to continue
making disclosures to that discredited data controller in the future. (The
responsibilities of underpaid DPO's seem to be quite heavy at times!)
Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|