Roland Perry said:-

> Yes, that's all perfectly reasonable, but I'm still unsure 
> why you need
> to keep that data longer then the police are likely to be 
> conducting the
> enquiry. Is there actually any "business need" to keep it 
> past the point
> that the police have acknowledged receipt of the data?


How would electronic audit trails be dealt with?  Would there be a need to
delete the enquiry entry which resulted from a s.29 request?  If so how is
the integrity and evidential value of the audit trail maintained?

I personally recall when one law enforcement organisation was unable to
provide proof of legitimately obtaining some personal data after an
investigation had been completed, but during the subsequent legal processes.
The organisation who the exemption was claimed against could. That would
appear to be one reason for necessarily maintaining accurate records of
exemptions claimed against an organisation.

Another would be to protect the organisation by showing they had
legitimately disclosed information in legal circumstances.

These things do not resolve the decision process involved in subsequent SAR
disclosure, but do appear pertinent.

In my opinion, at the moment, it is simplest to have a set period of time,
and to advise law enforcement of that period, at the time the data is
provided. If they need to request an extension to that they can do so.  The
main difficulty for organisations has appeared to be the cost of managing
any system for s.29 requests.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection 
> issues [mailto:[log in to unmask]] On Behalf Of 
> Roland Perry
> Sent: 12 August 2004 08:36
> To: [log in to unmask]
> Subject: Re: Non Disclosures to Data Subjects - not advising them
> 
> 
> In message
> <OF9BD52F73.3D9423A5-ON80256EED.0041CF20-80256EEE.002597C9@red
> car.clevela
> nd.gov.uk>, at 07:49:59 on Thu, 12 Aug 2004, Graham Hadfield
> <[log in to unmask]> writes
> >Point 1:
> >But neither should retention of the data evidencing the law 
> enforcement
> >enquiry be forever. Why are you still holding *that*? (And 
> if you destroy
> >that data, there's nothing to disclose on a SAR).
> >
> >I didn't actually say that retention should be forever. I 
> would expect
> >though, that in most cases, like anything else, there would 
> be a length of
> >time (of whatever duration) between conclusion of a piece of work and
> >destruction of the data involved with it. If a SAR were 
> received during
> >that time we would have to decide whether to dislose or not.
> 
> Yes, that's all perfectly reasonable, but I'm still unsure 
> why you need
> to keep that data longer then the police are likely to be 
> conducting the
> enquiry. Is there actually any "business need" to keep it 
> past the point
> that the police have acknowledged receipt of the data?
> 
> >Point 2:
> >It's up to law enforcement to decide if the enquiry is over 
> + how do you
> >become aware of when an investigation is completed
> >
> >Law enforcement is not always the police. It could  well be a Council
> >prosecution mounted by trading standards - and that is the 
> sort of scenario
> >which I envisaged.
> 
> I don't think this changes the situation in *your* department [1]. If
> someone does a SAR of Trading Standards, or of the *entire* council
> department, then the data related to the enquiry will show up (or be
> silently with-held if that's appropriate) from TS records.
> 
> [1] I'm assuming here that you are the person responsible for 
> DP in one
> department of the council, eg Council Tax Collection.
> 
> --
> Roland Perry 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^