Maurice Frankel on 01 June 2004 at 13:24 said:-
> I'm not sure I would characterise the common law as something which
> only operates after harm has been done (point 1 below). If you know
> that a breach of confidence is being considered, you can obtain an
> injunction against it before the harm is done.
You will have to forgive my inadequate description of the point. Put it down
to my restricted knowledge in that area and a layman's wording formed from
explanations necessarily given to me as a data protection practitioner,
together with my privacy readings.
It is certainly my impression that the courts should not in themselves
generate law in areas for which law does not already exist without reference
to other more comprehensive/generic law. The task for generating new
regulation is for whichever legislative structure the country in question
has in place. But just as moral positions and suasions differ, some
theories of law may have different perspectives.
E.g. "Inherent in the British system, ... [snip] ... was the unwritten
assumption that every subject is free to do that which is not forbidden by
law; what are generally known as 'negative rights'."
On the other side of the coin are what seem to be termed 'positive rights'
laws. Those which provide some positive protection to their subject matter.
They seem to often be generically classified as Human Rights laws by many,
but do cover as many areas as the Common Law does. Preference for any
particular system would seem to be down to historical circumstances, or
special interests.
It has certainly been my impression so far that the DPA would mostly
classify as a 'positive rights' and the Common law does classify as
'negative rights' law. Perhaps one of the legal experts in the group could
correct that if my statement is incorrect.
> The 1984 DPA also
> regulated the collection of data, and that wasn't the result of human
> rights law.
The DPA 1984 emanated from the 'Convention for the Protection of Individuals
with regard to Automatic Processing of Personal Data' (ETS 108.) The
preamble of which provided a very clear link to all of its legal bases
(positive and negative), including Human Rights. As does the Directive.
Would not most laws, reflect the international instruments agreed to as a
means of furthering perceived national interests internationally, as the DPA
and its guidance should also in a similar way have much in common with other
nation states following the same Directive, as a means of promoting trade?
If any one part of the whole were ignored when considering the DPA
principles the outcome could be very flawed indeed. A good job the ICO is
there providing his guidance, which should reflect all those matters.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Maurice Frankel
> Sent: 01 June 2004 13:24
> To: [log in to unmask]
> Subject: Re: Disclosure to defence solicitor
>
>
> In the medical field, the DPA often makes only a relatively modest
> contribution to patient privacy compared to the common law of
> confidence and the requirements of professional ethics, both of which
> give high priority to confidentiality (eg a doctor can be struck off
> for a serious breach of patient confidentiality). Its risky
> to approach
> patient confidentiality primarily as a DP issue, because these other
> regimes often provide far more substantial safeguards and penalties.
>
> I'm not sure I would characterise the common law as something which
> only operates after harm has been done (point 1 below). If you know
> that a breach of confidence is being considered, you can obtain an
> injunction against it before the harm is done. If you are a health
> body or professional considering the legality of a proposed disclosure
> you would consider all the relevant legal provisions (Article
> 8, law of
> confidence, DPA etc) before going ahead, not just the human rights
> provisions. It may be that some provisions operate before
> any question
> of disclosure arises (eg regulating what you can record), but doesn't
> that just depend on the nature of the provision? The 1984 DPA also
> regulated the collection of data, and that wasn't the result of human
> rights law.
>
> Maurice Frankel
>
> On 31 May 2004, at 11:40, ianwelton wrote:
> >
> > It is a DP issue directly relevant to those who are concerned with
> > disclosure/use issues relating to medical data.
> >
> > Otherwise personally I perceive it as a more generic but
> very important
> > issue covering justificatory cause for principle one compliance when
> > looking
> > at Schedule 1 or 2 conditions; Hence how to approach any DP matter,
> > what
> > questions are relevant in that approach and the content of
> any Code of
> > Practice.
> >
> > i.e. Can I collect and use data regarding a persons reading
> habits or
> > particular viewpoints for organisational purposes. If that is
> > possible, what
> > justification could provide legitimacy for that purpose, what
> > restrictions
> > will exist surrounding that data, and how can the other
> principles be
> > effectively implemented to reflect that situation?
> >
> >
> > My understanding is that answers emanating from the Common law and
> > answers
> > emanating from Human Rights law can differ, sometimes in fundamental
> > ways:
> >
> > 1. Common law requires individuals to prove they have been harmed
> > after any
> > event and may need to catch up (Expensive for all involved);
> >
> > 2. Human Rights law requires sufficient cause/reason prior to any
> > personal
> > data collection and hence before any harm is caused to the data
> > subject.
> >
> > Human Rights law has a wide international and considered signatory
> > base, so
> > would seem more widely geographically relevant.
> > The Common law depends on historical origins and is
> frequently focused
> > for
> > various reasons.
> >
> > I also think the Human Rights law is what is termed
> 'superior law', so
> > takes
> > precedence over the Common law. Perhaps one of the lawyers in the
> > group
> > could confirm/deny that.
> >
> > Each EU member states ICO's guidance should actually
> reflect the base
> > set of
> > laws which they use to formulate their guidance, and hence
> the eventual
> > accuracy, effectiveness, scope and resilience of that guidance.
> > Providing
> > guidance focused on a set of the common law would seem to inevitably
> > leave
> > any guidance vulnerable and only of restricted use to international
> > business.
> >
> >
> > Ian W
> >
> >> -----Original Message-----
> >> From: This list is for those interested in Data Protection
> >> issues [mailto:[log in to unmask]] On Behalf Of
> >> DPCS Associates
> >> Sent: 30 May 2004 23:26
> >> To: [log in to unmask]
> >> Subject: Re: Disclosure to defence solicitor
> >>
> >>
> >> Have I completely lost the plot? Is this really a data
> >> protection issue?
> >> Please help.
> >>
> >> Caution, I have lacked group support on similar issues in
> the past,
> >> however, it would be great to hear the views of members who
> >> may or not agree
> >> with my comments.
> >>
> >>
> >> Freddie
> >>
> >>
> >> ----- Original Message -----
> >> From: "Rosemary Pattenden" <[log in to unmask]>
> >> To: <[log in to unmask]>
> >> Sent: Sunday, May 30, 2004 10:28 AM
> >> Subject: Re: Disclosure to defence solicitor
> >>
> >>
> >> In Z v Finland (1998) 25 EHRR 371 the European Court of Human
> >> rights would
> >> not have upheld a court order that compelled the applicant's
> >> doctor to give
> >> evidence of her HIV status in criminal proceedings against
> >> her husband had
> >> the questioning taken place in open court:
> >>
> >> "The interference with the applicant's private and family
> >> life which the
> >> contested orders entailed was thus subject to important
> >> limitations and was
> >> accompanied by effective and adequate safeguards against
> >> abuse" para 103
> >>
> >> In the light of this, I think that cross-examination of a
> >> witness about HIV
> >> status without first seeking to have the court closed to the
> >> public and a
> >> fortiori establishing that the witness actually knows that
> s/he is HIV
> >> positive, is an unjustifiable breach of article 8. Counsel
> >> should not have
> >> sought to put the questions in the circumstance that he did
> >> and as soon as
> >> the question was put to the witness, the judge should have
> >> stopped counsel
> >> and had a discussion about the questioning with counsel.
> >>
> >> Rosemary Pattenden
> >>
> >> -----Original Message-----
> >> From: This list is for those interested in Data Protection issues
> >> [mailto:[log in to unmask]] On Behalf Of ianwelton
> >> Sent: 29 May 2004 20:00
> >> To: [log in to unmask]
> >> Subject: Re: Disclosure to defence solicitor
> >>
> >> Maurice Frankel on 28 May 2004 at 17:53 said:-
> >>
> >>> As Ian suggests, the DPA is not the only potential restraint on
> >>> disclosure in such cases. The more substantial restriction is the
> >>> common law obligation of confidentiality, which would
> >>> normally apply to
> >>> a patient's medical details. Section 35 wouldn't be
> relevant to that
> >>> question.
> >>
> >> A strange situation when an older frame of law (common law)
> >> which works by
> >> exclusion (you can do whatever is not forbidden) should
> provide more
> >> substantial restrictions protecting individual privacy
> where new laws
> >> (HRA/DPA) ostensibly regulating by inclusion (do not intrude
> >> into these
> >> areas without good and specific cause) do not. That would
> >> seem to indicate
> >> the DPA fails at the first hurdle in meeting the Directive
> >> requirements
> >> where medical records are concerned. :- "1. In accordance
> with this
> >> Directive, Member States shall protect the fundamental rights
> >> and freedoms
> >> of natural persons, and in particular their right to privacy
> >> with respect to
> >> the processing of personal data."
> >>
> >> Reverting to the earlier post by DREW Nic on 25 May 2004 at
> >> 14:12 if the
> >> common law confidentiality issues and legal procedure rules
> >> were the only
> >> protections for the individual when the witness was informed
> >> they had HIV in
> >> a witness box, then clearly such procedures and rules are
> >> inadequate, unless
> >> of course the solicitors/lawyers did not take notice of them
> >> or were able to
> >> claim exemptions for some reason.
> >>
> >>> The question of what is necessary for the legal action is
> really for
> >>> the court to decide rather than for an NHS body which isn't
> >> a party to
> >>> the proceedings. Presumably this would normally be done in
> >> accordance
> >>> with the Civil Procedure Rules via a court order.
> >>
> >> Does the court no make a determination on relevancy to a
> case when the
> >> material is presented to the court, after the
> solicitors/lawyers have
> >> collected it and themselves determined if it meets the
> >> necessary rules?
> >>
> >> Ian W
> >>
> >>
> >>> -----Original Message-----
> >>> From: This list is for those interested in Data Protection
> >>> issues [mailto:[log in to unmask]] On Behalf Of
> >>> Maurice Frankel
> >>> Sent: 28 May 2004 17:53
> >>> To: [log in to unmask]
> >>> Subject: Re: Disclosure to defence solicitor
> >>>
> >>>
> >>> As Ian suggests, the DPA is not the only potential restraint on
> >>> disclosure in such cases. The more substantial restriction is the
> >>> common law obligation of confidentiality, which would
> >>> normally apply to
> >>> a patient's medical details. Section 35 wouldn't be
> relevant to that
> >>> question.
> >>>
> >>> When you disclose to the patient's own lawyers, you would
> >> normally be
> >>> doing so with the patient's consent - so no question of breach of
> >>> confidence. From what you say, the disclosure seems to have
> >>> been to the
> >>> other side's lawyers, and the patient hasn't consented, which does
> >>> raise the question of breach of confidence.
> >>>
> >>> The question of what is necessary for the legal action is
> really for
> >>> the court to decide rather than for an NHS body which isn't
> >> a party to
> >>> the proceedings. Presumably this would normally be done in
> >> accordance
> >>> with the Civil Procedure Rules via a court order.
> >>>
> >>> Maurice Frankel
> >>> Campaign for Freedom of Information
> >>>
> >>> On 28 May 2004, at 09:07, Ian Mansbach wrote:
> >>>
> >>>>> I have received a complaint from a patient that we have
> >>> disclosed some
> >>>>> medical information (relating to an attendance in our A & E
> >>>>> department) to
> >>>>> the defence solicitor in a court case in which he is
> taking legal
> >>>>> action
> >>>>> against his former employer.
> >>>>>
> >>>>> Have we done wrong here? S35 expemption in the DP Act
> states that
> >>>>> personal
> >>>>> data are exempt from non-disclosure provisions where the
> >>> disclosure is
> >>>>> necessary for the purpose of, or in connection with, any legal
> >>>>> proceedings
> >>>>> (ncluding prospective legal proceedings).
> >>>>>
> >>>>> It seems clear cut to me - but am I being too simplistic here -
> >>>>> perhaps we
> >>>>> should not have disclosed to "the opposition", so to speak.
> >>>>
> >>>>
> >>>> John
> >>>>
> >>>> I am NOT a a lawyer but my understanding is that a court
> >>> order is not a
> >>>> prerequisite when applying the s.35(2) exemption. However,
> >>> perhaps more
> >>>> importantly, exemption from the non-disclosure provisions
> >> of the DPA
> >>>> does
> >>>> not mean one is required to disclose. It just means you are not
> >>>> prohibited
> >>>> from disclosing by virtue of the non-disclosure provisions
> >>> of the Act.
> >>>> One
> >>>> may have some other - very good - reason(s) for not
> >>> disclosing personal
> >>>> data (or at least not without consent or a court order)
> >>> such as client
> >>>> or
> >>>> patient confidentiality.
> >>>>
> >>>> Ian Mansbach
> >>>> Mansbachs
> >>>> Data Protection Practitioners
> >>>> [log in to unmask]
> >>>> phone: 0871 716 5060
> >>>> international: +44 (871) 716 5060
> >>>>
> >>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>>> All archives of messages are stored permanently and are
> >>>> available to the world wide web community at large at
> >>>> http://www.jiscmail.ac.uk/lists/data-protection.html
> >>>> If you wish to leave this list please send the command
> >>>> leave data-protection to [log in to unmask]
> >>>> All user commands can be found at : -
> >>>> http://www.jiscmail.ac.uk/help/commandref.htm
> >>>> (all commands go to [log in to unmask] not the
> list please)
> >>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>>>
> >>>
> >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>> All archives of messages are stored permanently and are
> >>> available to the world wide web community at large at
> >>> http://www.jiscmail.ac.uk/lists/data-protection.html
> >>> If you wish to leave this list please send the command
> >>> leave data-protection to [log in to unmask]
> >>> All user commands can be found at : -
> >>> http://www.jiscmail.ac.uk/help/commandref.htm
> >>> (all commands go to [log in to unmask] not the list please)
> >>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>>
> >>
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> All archives of messages are stored permanently and are
> >> available to the world wide web community at large at
> >> http://www.jiscmail.ac.uk/lists/data-protection.html
> >> If you wish to leave this list please send the command
> >> leave data-protection to [log in to unmask]
> >> All user commands can be found at : -
> >> http://www.jiscmail.ac.uk/help/commandref.htm
> >> (all commands go to [log in to unmask] not the list please)
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> All archives of messages are stored permanently and are
> >> available to the world wide web community at large at
> >> http://www.jiscmail.ac.uk/lists/data-protection.html
> >> If you wish to leave this list please send the command
> >> leave data-protection to [log in to unmask]
> >> All user commands can be found at : -
> >> http://www.jiscmail.ac.uk/help/commandref.htm
> >> (all commands go to [log in to unmask] not the list please)
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> All archives of messages are stored permanently and are
> >> available to the world wide web community at large at
> >> http://www.jiscmail.ac.uk/lists/data-protection.html
> >> If you wish to leave this list please send the command
> >> leave data-protection to [log in to unmask]
> >> All user commands can be found at : -
> >> http://www.jiscmail.ac.uk/help/commandref.htm
> >> (all commands go to [log in to unmask] not the list please)
> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >>
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|