I would tend to agree with Simon.
The data controller owes their obligation of security to the data subject
not to anyone else.
The data controller should make no moral judgements on others needs. It is
for the requestor to justify any access to data the default start point
should be no access.
Seeking data to trace individuals is common and it is easy to see possible
'damage' such a disclosure can lead to. The risk such disclosures pose for
the disclosing organisation in terms of potential litigation against them
are very real.
David Wyatt
----- Original Message -----
From: "Simon Howarth (WSL)" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, October 05, 2004 5:15 PM
Subject: Re: [data-protection] Quite an amusing one!
>I *have* to have my two penneth here as I have direct experience of where
> this type of thing can go wrong. Also you will find that the Association
> of
> Colleges have views on this.
>
> If it is vital that the parent speaks to the offspring, then they should
> be
> contacting the administration side of the establishment not lecturers. Do
> students not get forms to fill in stating who is "next of kin" or who to
> call in an emergency? If a parent calls then the establishment, if they do
> not know otherwise, should take details and pass them to the offspring. If
> the student is an adult this should be sufficient.
>
> What happens (and there have been incidences of this) when the parent of
> an
> ethnic minority girl believes she is attending college behind their backs
> and they set out to prove this? The student must come first. This is a
> real
> concern for those dealing in the sharing of student data between
> departments, because some ethnic minorities actively discourage girls from
> gaining further education.
>
> If it's life and death then it should be possible to get word to the
> student
> and they can decide themselves. To give ANY information away that may
> locate
> them and/or give information to unauthorised people, should in my opinion,
> be a great case for a claim for damages.
>
> My direct experience of this is a friend who was escaping an abusive
> father,
> even though she was 20 years old. She left home and managed to get a place
> at University. Her father got wind of this and visited what was then the
> Grants office and asked if she had made any applications for a grant. He
> was
> not only told that she had but was given a photocopy of her form showing
> her
> new address. The ending is a happy one, no thanks to the idiot who gave
> her
> details away.
>
> Parents or not, once they are an adult students deserve and should expect
> confidentiality. No if's or but's.
>
> Simon Howarth.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|