The individuals who are already on such a list should be informed, as should
anyone being considered for inclusion. Human rights, natural justice and
other considerations come into play, not just DPA.
In one case I know of, a man was on a PVP list for six years for raising his
voice and swearing in a reception area after the council sent his
recently-deceased mother a final demand for her Council Tax.
The person should be informed that an incident had been reported and you
should ask them for their version of events. The officer nominated (and properly
trained) to decide whether inclusion is necessary should have all the
information at hand from both sides of the story and a list of criteria against which
the incident is measured.
The person should be informed of the decision (inclusion or not) and if to be
added to the list, how their behaviour could be improved to ensure removal at
the review date. The reviewer should also have a criteria list for checking
subsequent behaviour.
Don't forget to properly document the process at all stages, including
reasons for decisions, and remember to restrict access on a need-to-know basis. An
audit trail on the database/spreadsheet is a must. If printouts are given to
repairs or home visit officers for use over the weekend/holidays then you
should ensure the lists are kept secure, returned and properly disposed of.
Incidents have occurred when such lists were viewed in public places.
As I say in all my training courses, put yourself in the position of the data
subject and ask yourself:
1) Should I be on a secret list without even knowing what I am accused of?
2) Should I be on such a list without giving my version of the incident?
3) If the data are inaccurate can I not get the entry changed or even
removed?
4) If the incident did take place as described, am I not likely to modify my
behaviour, ever?
5) If the data are to be shared with other departments and maybe other
organisations, should I not also know about this, and who the others are?
6) If I found myself on such a list (maybe a friend at the council lets it
slip) and suspected the council had not complied with the DPA, would I not ask
the ICO to formally assess the procedures? Would I consider suing for
defamation?
Ian B
Ian Buckland
Keep I.T. Legal Ltd
(Reg: 3822335)
Please Note: The information given above does not replace or negate the need
for proper legal advice and/or representation. It is essential that you do not
rely upon any advice given without contacting your solicitor. If you need
further explanation of any points raised please contact Keep I.T. Legal Ltd at
the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|