I am not totally sure about this, but if you know it is a truly official
source asking the questions then I suppose you have to decide if the request
for disclosure is OK.

I am acutely aware that this is a bone of contention for such organisations
as the Association of Colleges which I have had dealings with on related
subjects. One of their fears is certain "minorities" attending courses that
might get them into trouble, e.g. students from oppressive regimes or
students with parents that do not know they are attending certain courses.
This is more common than people realise and releasing personal data, even
confirming attendance to the wrong people could lead them into trouble. I am
aware of anecdotal evidence that one group of parents pretended to be an
official organisation to ascertain the course their daughter was on. I am
not sure how true this is, but it could happen and it could lead the
daughter into "danger". It's imperative IMHO that the source of the request
really needs and has a right to access this data. Even saying "yes, they are
here" may be enough to cause problems....

I also have first hand knowledge of this activity - sadly before the '98 DPA
came into force, fortunately with no adverse consequences, but I know it did
happen once, even if it was in 1986!

I am not sure that the above comments help, but maybe they may aid further
thinking?

Simon Howarth.

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Sally Justice
Sent: 04 August 2004 15:16
To: [log in to unmask]
Subject: [data-protection] Releasing data to third parties

I have just been sending out a reminder to our Staff about not releasing
personal data to third parties without proper authority. Our International
Office has told me that they often get phone calls which are URGENT asking
for a student status, means are they a student here, what course are they
attending, and possibly performance/attendance (this I consider to be very
personal) with the University as the student has been held up at immigration
or customs etc. This is not prevention and detection of crime.

I would like to know how other Universities handle these types of requests
when there isn't time to send in the proper paperwork etc.

Also I understand that  requests from H M Embassy Visa section in Beijing
China have  been made in the context of a significant, but unannounced,
change of Government policy regarding student visas in China. In recent
months the Visa Section has rejected about 50% of student visa applications
on grounds of fraudulent documentation or failure to provide evidence to
support the claimed financial status or intent to study in UK. In some cases
UK universities are reporting 70% application failure rates, and even worse.

I understand this has been discussed at a number of ac.uk forums but not on
the DP list as yet?!

I would be interested to hear your comments, practices and  advice on how
you handle these requests

--
Sally Justice
JANET/Internet Web Manager
Computer Services Department
London South Bank University
Borough Road
London SE1 0AA
Tel: 020 7815 6509 |   lsbu.ac.uk/services/


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^