This is true. The Data Subject cannot complain that data has been
unreasonably withheld if they do not know it has been withheld.
Nevertheless, I haven't heard anything which makes me think that in such
situations, I am obliged to inform someone that information has been
withheld. To do so may in fact reveal to the requester what the information
is, negating the decision to withhold and potentially causing risks or
inviting action for breach of confidence. I think that the IC advice was
correct - you are not obliged to tell the Data Subject, but you can. In many
case, I would and I have done - but not because I believed I was obliged to.
> ----------
> From: Carter, Antoinette
> (CCM)[SMTP:[log in to unmask]]
> Reply To: Carter, Antoinette (CCM)
> Sent: 10 August 2004 15:12
> To: [log in to unmask]
> Subject: Re: [data-protection] Non Disclosures to Data Subjects - not
> advi sing them
>
> But the ICO could not ask the question "why did you withhold x, y, z" if
> you had not told the data subject what "x, y, z" was.
>
> To para-phrase Donald Rumsfelt, there are known knowns, unknown knowns,
> and unknown unknowns. How can we ask for it, if we don't know what "it"
> is?
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Broom, Doreen
> Sent: 10 August 2004 14:48
> To: [log in to unmask]
> Subject: Re: [data-protection] Non Disclosures to Data Subjects - not
> advi sing them
>
> ***** THIS EMAIL WAS SENT VIA THE INTERNET *****
>
> Should have said "not" provided.
> D
>
> -----Original Message-----
> From: Broom, Doreen
> Sent: 10 August 2004 14:22
> To: [log in to unmask]
> Subject: Re: Non Disclosures to Data Subjects - not advi sing them
>
>
> ***** THIS EMAIL WAS RECEIVED FROM THE INTERNET *****
>
> ***** THIS EMAIL WAS SENT VIA THE INTERNET *****
>
> I have had experience of OIC writing to me to ask why certain
> information was provided. I explained the reasons and never ended up in
> Court. Anything with justification is OK. D
>
>
> -----Original Message-----
> From: Arthur Howell [mailto:[log in to unmask]]
> Sent: 10 August 2004 14:08
> To: [log in to unmask]
> Subject: Re: Non Disclosures to Data Subjects - not advi sing them
>
>
> ***** THIS EMAIL WAS RECEIVED FROM THE INTERNET *****
>
> It's not a question of exemptions that are applicable, if I as a Data
> Subject have suffered distress and it was due to a confidential letter
> (but did not know that it existed) and I request all the data held,
> then I would expect to receive it or be advised that the contents cannot
> be disclosed because it is confidential. I can then challenge that in
> court however, what the ICON is saying is that I (as the Data
> controller) do not have a requirement to even tell the Subject about the
> letter in which case they will never know - Is that fair?
>
>
>
> -----Original Message-----
> From: Tim Turner [mailto:[log in to unmask]]
> Sent: 10 August 2004 13:59
> To: [log in to unmask]
> Subject: Re: Non Disclosures to Data Subjects - not advi sing them
>
>
> Unless there is a crucial bit I have missed, the Data Protection Act
> does not require Data Controllers to inform Data Subjects about which
> exemptions they have used. In what way is it incorrect to advise people
> that this is the case? The IC's staff, in my experience, tell you what
> the Act says. Anything more than that is good practice and rightly or
> wrongly, they don't go in for that. It's not incorrect, it just might
> seem undesirable. Most of them won't tell you what you should do, only
> what you have to do. In any given individual case, it might be right to
> tip the requester off about the type of information you've withheld, and
> equally it might be right to tell them the absolute minimum. And it's
> the DP officer on the ground who should do that, having had their
> parameters set by the Act (first and foremost) and then by the
> regulator.
>
> Tim Turner
> Wigan Council
>
> > ----------
> > From: Carter, Antoinette
> > (CCM)[SMTP:[log in to unmask]]
> > Reply To: Carter, Antoinette (CCM)
> > Sent: 10 August 2004 12:31
> > To: [log in to unmask]
> > Subject: Re: [data-protection] Non Disclosures to Data Subjects -
> not
> > advising them
> >
> > I completely agree with you; being kept in the dark as to what
> > information has been withheld from the data subject gives the Data
> > Controller carte blanche to do precisely what they want with no form
> > of redress.
> >
> > But I don't think it is the DP Act at fault, it's the ICO's inability
> > (or unwillingness?) to apply the law correctly that is the problem.
> > Is it any wonder the EU are investigating us.
> >
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of Arthur Howell
> > Sent: 10 August 2004 12:09
> > To: [log in to unmask]
> > Subject: [data-protection] Non Disclosures to Data Subjects - not
> > advising them
> >
> > This may be of interest.
> >
> > The original question to the IC Office was:-
> >
> > I recently telephoned to get clarification on whether we should advise
>
> > the Data Subject that we are not disclosing certain confidential
> > information, I was advised that we need not inform the Data Subject,
>
> > I am somewhat disturbed by this advice.
> >
> > If the information pertains to an investigation (crime and taxation ,
> > distress may be caused etc) and there is an exemption and we need
> > not advise, then there is no issue however, if it is a duty to
> > confidentiality only I believe the Data Subject has a right to be
> > informed that we are not disclosing for that reason (they can then
> > challenge that decision through the courts etc).
> >
> > If we do not inform the Data Subject that we are withholding
> > information then this goes against the very reason for the Act in that
>
> > he/she has a right to know whether we hold information and if so a
> > copy unless we cannot disclose (Fairly and Lawfully?).
> >
> >
> > I would like a definitive statement as to whether we should always
> > advise the Data Subject that we are not disclosing unless an exemption
>
> > applies. of the Act.
> >
> > The reply from the IC Office is:-
> >
> > ________________________________________________________________
> >
> > I can confirm that the information provided to you by the Helpline is
> > correct. When responding to a subject access request, the data
> > controller is required to do various things however there is no
> > requirement that the individual concerned be told of any exemptions
> > that have been applied or about information that has been withheld.
> >
> > The Act merely requires that data controllers supply individuals with
> > access (usually copies) of all that personal data that the Act
> > requires to be provided in response to the request.
> >
> > There is no legal requirement to advise individuals if or why any
> > information has not been supplied in response to a subject access
> > request however there is also no bar on this being provided on a
> > voluntary basis - this is entirely up to the data controller to
> > decide.
> >
> > As you say there are circumstances (eg s29) where it may not be
> > sensible to provide such information. Ultimately it is for the data
> > controller to take a view on this voluntary action.
> > ______________________________________________________________
> >
> > My faith in the DP Act is diminishing.
> >
> > Arthur
> > Bath & North East Somerset Council
> >
> > **********************************************************************
> > The views and comments expressed in this email are confidential to the
>
> > recipients and should not be passed on to others without permission.
> > This email message does not necessarily express the views of Bath &
> > North East Somerset
> Council
> > and should
> > be considered personal unless there is a specific statement to the
> > contrary.
> >
> > This footnote also confirms that this email message has been checked
> > for all known viruses by the MessageLabs Virus Scanning Service.
> >
> > Making Bath & North East Somerset a better place to Live, Work and
> > Visit.
> > **********************************************************************
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> **********************************************************************
> The views and comments expressed in this email are confidential to the
> recipients
> and should not be passed on to others without permission. This email
> message does
> not necessarily express the views of Bath & North East Somerset Council
> and should
> be considered personal unless there is a specific statement to the
> contrary.
>
> This footnote also confirms that this email message has been checked for
> all
> known viruses by the MessageLabs Virus Scanning Service.
>
> Making Bath & North East Somerset a better place to Live, Work and
> Visit.
> **********************************************************************
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
> ********************************************************************
> * This email is privileged, confidential and subject to copyright. *
> * Any unauthorised use or disclosure of its content is prohibited. *
> * The views expressed in this communication may not necessarily *
> * be the views held by Scottish Borders Council. *
> ********************************************************************
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|