There's no second clock, and no parallel clock. There's one 40 day
clock for the whole request, even where some data relates both to the
data subject and another individual.
Maurice Frankel
Campaign for Freedom of Information
On 1 Oct 2004, at 11:29, Ian Welton wrote:
> Ian Mansbach on 01 October 2004 at 10:31 said:-
>
>> Perhaps my reference to an SAR clock was confusing. All
>> clocks start when
>> one receives the SAR or, if later, when one has both the fee and the
>> information referred to in s7(3). And they all finish 40 days
>> after that.
>> That is clear from s7(8) and s7(10).
>>
>> So, if the clocks run in parallel, why have two or, potentially, more
>> clocks? My interpretation (and I'm uncertain that it is what Jay and
>> Hamilton meant) is that each clock runs with its own
>> promptness obligation.
>> In other words, you don't delay complying with the SAR on the
>> non-consent
>> stuff if you are still waiting for consent for third party
>> information. In
>> that way, if you do not get consent (and it remains reasonable not to
>> provide the data without consent), you have complied with the
>> obligation to
>> comply with the SAR promptly. But, as I have said before, others may
>> interpret this differently.
>
> I agree.
>
> Considering this over the last few days, and digging deep into my
> memory, I
> do recall that the ICO's office saying in the past that if they
> received a
> complaint about tardiness on a partial response where the reason given
> was
> awaiting third party consent, they would look more to the measures
> taken to
> obtain the consent and what would be a reasonable time to achieve that,
> rather than any self imposed forty day clock commencing on the date it
> was
> recognised consent may be needed; After all it could be nothing was
> being
> done for 30 of those 40 days.
>
> Having said that. Both views do seem to have some benefits:-
>
> 1. The logic of the recognising consent 40 days could provide a much
> extended cut off point at which a decision must be taken. (Albeit,
> dependent
> on the actions taken, that could leave the organisation very
> vulnerable.)
>
> 2. An undefined but reasonable period within which to obtain consent,
> or
> determine what action to take in responding with that material. (Which,
> dependent on the actions taken, could also leave the organisation
> vulnerable.)
>
> It would seem it is probably more important to progress the actions
> taken to
> obtain consent in a timely manner and document them carefully.
>
> Ian W
>
>> -----Original Message-----
>> From: This list is for those interested in Data Protection
>> issues [mailto:[log in to unmask]] On Behalf Of
>> Ian Mansbach
>> Sent: 01 October 2004 10:31
>> To: [log in to unmask]
>> Subject: Re: Third party response consent. Was - RE: SAR and
>> compliance calendar days
>>
>>
>> Perhaps my reference to an SAR clock was confusing. All
>> clocks start when
>> one receives the SAR or, if later, when one has both the fee and the
>> information referred to in s7(3). And they all finish 40 days
>> after that.
>> That is clear from s7(8) and s7(10).
>>
>> So, if the clocks run in parallel, why have two or, potentially, more
>> clocks? My interpretation (and I'm uncertain that it is what Jay and
>> Hamilton meant) is that each clock runs with its own
>> promptness obligation.
>> In other words, you don't delay complying with the SAR on the
>> non-consent
>> stuff if you are still waiting for consent for third party
>> information. In
>> that way, if you do not get consent (and it remains reasonable not to
>> provide the data without consent), you have complied with the
>> obligation to
>> comply with the SAR promptly. But, as I have said before, others may
>> interpret this differently.
>>
>> Ian M
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|