Point 1:
But neither should retention of the data evidencing the law enforcement
enquiry be forever. Why are you still holding *that*? (And if you destroy
that data, there's nothing to disclose on a SAR).
I didn't actually say that retention should be forever. I would expect
though, that in most cases, like anything else, there would be a length of
time (of whatever duration) between conclusion of a piece of work and
destruction of the data involved with it. If a SAR were received during
that time we would have to decide whether to dislose or not.
Point 2:
It's up to law enforcement to decide if the enquiry is over + how do you
become aware of when an investigation is completed
Law enforcement is not always the police. It could well be a Council
prosecution mounted by trading standards - and that is the sort of scenario
which I envisaged.
Point 3:
How do you deal with the situation where a data subject has been
informed,by the police during an ongoing investigation, of the personal
data obtained from your organisation, as that particular person and that
information is no longer of any relevance to them or the investigation, or
its detail was disclosed during interview?
I've never been in exactly this situation before but if the Data Subject
were to be able to show me a copy of the information withheld then I might
well admit that it was the information withheld. I have had a situation
where the documents provided were copies of social services records and we
were asked by another organisation to remove the names of their employees
on the grounds that the data subject had issued threats against them. This
we did. However, copies of the documents in their entirety had actually
been properly provided to the data subject previously in the natural course
of events so the removal of the names was somewhat pointless - and the data
subject came back and said so.
Regards,
Graham
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|