I suspect many DPA compliance officers will feel undermined by the court
ruling.
Now they need to ensure Privacy is defined and examined against all data
held in context of its use. Training those who handle subject access
extraction is an ongoing task. (You can see the DPA officers credibility
hit - WHAT you want to spend more time to retrain the staff you just
trained). Pity the Judge did not participate in the original Acts drafting.
David Wyatt
----- Original Message -----
From: "Tony Bowden" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, January 15, 2004 6:44 PM
Subject: [data-protection] OIC and Durant
> I received a response to one of my outstanding RFAs today from the OIC.
>
> Part of it states:
>
> In 2003 a new ruling was made in relation to subject access
requests
> (Durant v FSA 2003). This ruling adopts a more restrictive
approach than
> the office has previously taken. Please be awware that the office
is
> still considering the full effects of the ruling and its
implicatation
> but it seems likely that in light of the Durant Ruling the purpose
of
> section 7 of the DPA 1998 is to enable an individual to check
whether a
> data controller's processing of his persona data unlawfully
infringes
> his privacy.
>
> It is not an automatic key to any information, readily accessible
or
> not, of matters in which he may be named or involved. It is likely
in
> most cases that only information that named and directly refers to
him
> will quality. It is our view that this information does not
quality as
> personal data.
>
> As much of the information I was seeking to obtain was comments that
> members of staff made about work I did for the company (including comments
> that whilst I as working there I had to complain about), I find this to
> be a complete disregard for what I believed to be one of the purposes
> of the DPA.
>
>
> The company in question also provided approximately 1000 pages of
> completely unintellible information dumped directly from their database,
> most of which was in the form of:
>
> 19847 43821 401854
> 19847 43910 1048941
> ... etc for hundreds of pages.
>
> With each section of this they provided a reference to what this section
> was called (e.g. 'tat'), and headers which supposedly state the column
> information (customerid, tatid, otherid(!)).
>
> The OIC have also failed to get the company to elucidate further on this
> declaring that "<the company> states that much of the information is
> techical, and in each case they have provided details of what the
> information provided represents, including table headers."
>
> They have therefore closed the investigation.
>
> My view on this is that, particularly with regard to Durant, the UK is now
> no longer in compliance with the objectives of the original EC directive,
> and that Subject Access is now almost entirely a myth. A company can
> refuse to provide most information; and what they do provide can be
> completely unintelligible.
>
> Under this new approach, I suspect that most organisations will be able
> to relax their DPA procedures significantly, and that many of those
> currently employed in full-time Data Protection roles could be out of
> a job within a year.
>
> Tony
>
>
> Tony
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|