In my experience, the best route is somewhere between the two. If you
simply say "this is what you're entitled to" without explanation, they
inevitably end up pestering you further, especially in situations where
they already feel aggrieved with your organisation for some reason, or
suspect you are withholding something. If they've asked for something
very specific which I am unable to give them, I'd explain why.
Otherwise, I would give them general exemptions I've applied for third
party data etc. This is also very useful later on if it's escalated to
OIC, because you can show you considered what was appropriate and acted
accordingly, whereas the first option might indicate that you simply
didn't bother or were ignorant of your responsibilities under DPA. I
sometimes also attached relevant leaflets/factsheets downloaded from the
OIC website. I think you are best off thinking in terms of giving as
much information as is necessary to ensure that they don't darken your
door again!
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Macauley
Sent: 30 September 2004 15:07
To: [log in to unmask]
Subject: [data-protection] explaining an exemption, do we have to?
Hi all,
This is a question I asked the ICO about a year ago but would like some
consensus on what practice the profession generally uses. To be exact
do
you explain why you have not disclosed certain PD when replying to a SAR
or
do you just say, "In accordance with...you are receving what you are
entitled to..."
I was told that it does not state anywhere in the act we have to do
this,
and this is the approach I took when responding. However my new post
has a
convention from the previous DPO that they explain every little detail
of
what and why they are not receiving certain PD. Personally I prefer the
first approach especially as I have my hands full with FOI and already
having to explain those exemptions.
thanks for any help
Simon.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|