Maurice
Given that there is no second clock (on which point, incidentally, I agree),
and that there's no parallel clock (my interpretation of Rosemary Jay &
Angus Hamilton's assertion that there is), how do you interpret their claim
that "where any of the data are third party data for which consent is being
sought for disclosure a separate 40-day clock ticks for that data only"
[Data Protection Law & Practice 2nd ed para 11-39]?
Ian Mansbach
Mansbachs
Data Protection Practitioners
[log in to unmask]
phone: 0871 716 5060
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Maurice Frankel
Sent: 01 October 2004 14:45
To: [log in to unmask]
Subject: Re: [data-protection] Third party response consent. Was - RE: SAR
and compliance calendar days
There's no second clock, and no parallel clock. There's one 40 day clock for
the whole request, even where some data relates both to the data subject and
another individual.
Maurice Frankel
Campaign for Freedom of Information
On 1 Oct 2004, at 11:29, Ian Welton wrote:
> Ian Mansbach on 01 October 2004 at 10:31 said:-
>
>> Perhaps my reference to an SAR clock was confusing. All clocks start
>> when one receives the SAR or, if later, when one has both the fee and
>> the information referred to in s7(3). And they all finish 40 days
>> after that.
>> That is clear from s7(8) and s7(10).
>>
>> So, if the clocks run in parallel, why have two or, potentially, more
>> clocks? My interpretation (and I'm uncertain that it is what Jay and
>> Hamilton meant) is that each clock runs with its own promptness
>> obligation. In other words, you don't delay complying with the SAR on
>> the non-consent
>> stuff if you are still waiting for consent for third party
>> information. In
>> that way, if you do not get consent (and it remains reasonable not to
>> provide the data without consent), you have complied with the
>> obligation to
>> comply with the SAR promptly. But, as I have said before, others may
>> interpret this differently.
>
> I agree.
>
> Considering this over the last few days, and digging deep into my
> memory, I do recall that the ICO's office saying in the past that if
> they received a
> complaint about tardiness on a partial response where the reason given
> was
> awaiting third party consent, they would look more to the measures
> taken to
> obtain the consent and what would be a reasonable time to achieve that,
> rather than any self imposed forty day clock commencing on the date it
> was
> recognised consent may be needed; After all it could be nothing was
> being
> done for 30 of those 40 days.
>
> Having said that. Both views do seem to have some benefits:-
>
> 1. The logic of the recognising consent 40 days could provide a much
> extended cut off point at which a decision must be taken. (Albeit,
> dependent on the actions taken, that could leave the organisation very
> vulnerable.)
>
> 2. An undefined but reasonable period within which to obtain consent,
> or determine what action to take in responding with that material.
> (Which, dependent on the actions taken, could also leave the
> organisation
> vulnerable.)
>
> It would seem it is probably more important to progress the actions
> taken to obtain consent in a timely manner and document them
> carefully.
>
> Ian W
>
>> -----Original Message-----
>> From: This list is for those interested in Data Protection issues
>> [mailto:[log in to unmask]] On Behalf Of Ian Mansbach
>> Sent: 01 October 2004 10:31
>> To: [log in to unmask]
>> Subject: Re: Third party response consent. Was - RE: SAR and
>> compliance calendar days
>>
>>
>> Perhaps my reference to an SAR clock was confusing. All clocks start
>> when one receives the SAR or, if later, when one has both the fee and
>> the information referred to in s7(3). And they all finish 40 days
>> after that.
>> That is clear from s7(8) and s7(10).
>>
>> So, if the clocks run in parallel, why have two or, potentially, more
>> clocks? My interpretation (and I'm uncertain that it is what Jay and
>> Hamilton meant) is that each clock runs with its own promptness
>> obligation. In other words, you don't delay complying with the SAR on
>> the non-consent
>> stuff if you are still waiting for consent for third party
>> information. In
>> that way, if you do not get consent (and it remains reasonable not to
>> provide the data without consent), you have complied with the
>> obligation to
>> comply with the SAR promptly. But, as I have said before, others may
>> interpret this differently.
>>
>> Ian M
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|