We are back to definitions of what is a third party, as the interviewers are
clearly acting on behalf of the data controller (indeed may even work for
the data controller) they are not a third party. To define them as such
would put much of the work we do outside the reach of the data subject
without consent, which is at best against the spirit of the law.
Disclose and be damned!
Chris Tinsley
-----Original Message-----
From: Duncan Smith [mailto:[log in to unmask]]
Sent: 20 October 2004 15:13
To: 'Tinsley, Chris'
Cc: Data Protection discussion Group
Subject: RE: [data-protection] Consent
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.
The information contained in this correspondence is not intended as legal
advice or counsel, and is not represented as such by the sender. iCompli
Ltd. makes no warranties or statements regarding the legal acceptability of
the information presented in this correspondence. Any actions performed as
a result of this information are of the recipient's own choosing.
----------------------------------------------------------------------------
-------------------
Chris, your comment ...
"The promotions board are not third parties, they are clearly acting on
behalf of the data controller as either employees or agents, so the have no
way of hiding behind confidentiality"
... may not be correct.
To my knowledge neither the common law of confidentiality nor the requisite
parts of the Data Protection Act 1998 are over-ruled by consideration of who
is, and is not, the data controller.
If an individual puts in a SAR to a data controller, who in meeting their
legal obligations may disclose information about any third party i.e. not
the data subject, then great care should be taken to understand what consent
is in place to disclose, and what implications disclosure (or otherwise)
would have on both the requestor and the third party.
So yes I could "hide behind confidentiality", and indeed may wish to do so
for very valid e.g. personal safety, reasons. Although I'm not suggesting
that is the case in the scenario Gwenan put forward.
Regards,
Duncan S Smith
Managing Director
iCompli Limited Northampton UK
T: 08707 70 48 66 F: 08707 70 48 69 M: 07775 56 81 80
Mailto:[log in to unmask] Web: www.icompli.co.uk
"Compliance in your language"
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|