It would be interesting to know if John has sought advice from the
Caldicott Guardian for the Trust and what his views were.
Margarita
Antoinette Carter wrote:
>Which is precisely why I would confirm only that the letter was not sent
>by you, and is clearly a fake. This divulges no personal data,
>therefore no breach, therefore no risk, therefore no problem!
>
>-----Original Message-----
>From: This list is for those interested in Data Protection issues
>[mailto:[log in to unmask]] On Behalf Of Tim Turner
>Sent: 10 June 2005 14:16
>To: [log in to unmask]
>Subject: [Maybe Spam] Re: [data-protection] FW: [data-protection]
>Disclosure or not?
>
>OK, I am probably playing Devil's Advocate. Feel free to switch off now.
>
>The fact that personal information has been transferred without consent
>does not automatically make the transfer unlawful. Consent is one
>condition for processing, and there are others. It's true that the
>receiving organisation may be "technically at risk" of breaching DP by
>confirming whether the gent attended the hospital or not. However, by
>providing evidence which purports to prove that a person was at a
>certain place, especially evidence which looks invalid, the person has
>opened the door for the employer to make some checks. The processing may
>be valid, and the benefit of assisting an employer in catching an
>errant, potentially fraudulent employee should not be dismissed out of
>hand. I know that people will shout at me for not treating the DPA as
>sacred, and that if you kick one data subject, we all limp. However, as
>there is a debate about whether confirmation that a person wasn't in a
>place is personal data, and there may be conditions for processing, who
>is to say whether the Information Commissioner wouldn't accept that the
>processing was fair?
>
>Tim Turner
>Data Protection / FOI Officer
>Wigan Council
>
>
>
>
>
>>----------
>>From: Tim Trent[SMTP:[log in to unmask]]
>>Reply To: Tim Trent
>>Sent: 10 June 2005 13:28
>>To: [log in to unmask]
>>Subject: Re: [data-protection] FW: [data-protection] Disclosure
>>
>>
>or
>
>
>>not?
>>
>>I understand your desire to be helpful. It is a natural desire.
>>
>>The problem you face is that you have received this data unlawfully
>>(it was transferred to you without consent) and thus it is unlawful
>>for you to process it.
>>
>>Regardless of the rights and wrongs of the imbecile who presumably
>>forged it, your organisation is technically at risk by replying and
>>indeed by doing anything other than destroying the letter and making a
>>
>>
>
>
>
>>professionally 100% non committal reply.
>>
>>Telling them about the consultant's clinic timetable, unless that is
>>public domain information, is also releasing personal data. Remember
>>the USA and the murderous anti-abortion lobby? "Yes Mr Smith conducts
>>
>>
>
>
>
>>terminations and is here every Thursday" Demise of Mr Smith.
>>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]] On Behalf Of John Hughes
>>Sent: 10 June 2005 13:23
>>To: [log in to unmask]
>>Subject: [data-protection] FW: [data-protection] Disclosure or not?
>>
>>Just to clarify the situation further, the employer has in fact sent
>>me a copy of the appointment letter (I'm not going into the rights or
>>wrongs of his doing this) - I have received it and am responding to
>>his written request for clarification as to whether or not the
>>
>>
>appointment took place.
>
>
>>I
>>have no consent from the patient and do not want to disclose any of
>>their personal data. However I want to be helpful, mainly because the
>>letter is quite clearly a fake (no letterhead, hospital address is
>>wrong, plus a number of other incorrect details).
>>
>>Instead perhaps I should reply by simply stating that the consultant
>>in question does not hold clinics on Fridays ..... another error!!!
>>
>>
>>
>>
>>-----Original Message-----
>>From: Hawley, Graeme [mailto:[log in to unmask]]
>>Sent: 10 June 2005 13:01
>>To: [log in to unmask]
>>Subject: Re: [data-protection] Disclosure or not?
>>
>>
>>I can put in a request about absolutely anything at all, even the
>>colour of your underpants. The point is whether the authority holds
>>the information and then whether it should be disclosed or withheld.
>>But once a request is received by an authority, it must be dealt with
>>by that authority and not be batted back to the applicant with the
>>recommendation that they ask someone else. So in this case, if the
>>employer asks the health board for information about the attendance or
>>
>>
>
>
>
>>lack of attendance by an employee at an appointment, the response from
>>
>>
>
>
>
>>the health board cannot be "we think you should be discussing this
>>with your truant, not us". However, what the health board could do,
>>in Scotland anyway, is resort to section 18 of FOISA which states
>>that:
>>
>>(1) Where, if information existed and was held by a Scottish public
>>authority, the authority could give a refusal notice under section
>>16(1) on the basis that the information was exempt information by
>>virtue of any of sections 28 to 35, 39(1) or 41 but the authority
>>considers that to reveal whether the information exists or is so held
>>would be contrary to the public interest, it may (whether or not the
>>information does exist and is held by
>>it) give the applicant a refusal notice by virtue of this section.
>>
>>Freedom of information is fun!!
>>
>>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]]On Behalf Of Tim Trent
>>Sent: 10 June 2005 12:42
>>To: [log in to unmask]
>>Subject: Re: [data-protection] Disclosure or not?
>>
>>
>>Wait! Do you mean YOU can put in an FOI request and see MY hospital
>>appointment records?
>>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]] On Behalf Of Hawley, Graeme
>>Sent: 10 June 2005 12:40
>>To: [log in to unmask]
>>Subject: Re: [data-protection] Disclosure or not?
>>
>>I like Margarita and Jethro's responses, and agree that this would be
>>far more ideal. However, if a request for information is made to a
>>public authority, then the FOIA / FOI(S)A requires them to provide a
>>response relating to the information that they hold about that
>>particular issue, and does not permit the authority to tell the
>>applicant to go ask elsewhere instead (even though I do think that
>>that would be a better course of action).
>>
>>Graeme Hawley
>>National Library of Scotland
>>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]]On Behalf Of Jethro R Binks
>>Sent: 10 June 2005 12:35
>>To: [log in to unmask]
>>Subject: Re: [data-protection] Disclosure or not?
>>
>>
>>On Fri, 10 Jun 2005, Tim Trent wrote:
>>
>>
>>
>>>And that gives us the problem. Each argument holds water. And
>>>since each argument holds water there are grounds for a dispute. If
>>>
>>>
>
>
>
>>>the dispute is settled in favour of the employee it is likely to be
>>>a disclosure that has caused damage or distress.
>>>
>>>I am considering it to be very specific personal data. It gives
>>>details to the employer that the employee was allegedly not at an
>>>appointment with that place in that date. By giving them this data
>>>about their employee, despite the valid point that it is an "absence
>>>
>>>
>
>
>
>>>of data", they now have additional data about that employee.
>>>
>>>
>>It seems to me the solution is rather simpler (or perhaps it's me who
>>is simple :).
>>
>>Why is the employer going behind their employees back on the matter?
>>Surely they should be discussing this with their employee, and asking
>>them to furnish proof if they suspect misbehaviour (while being
>>cogniscent of their employee's right to privacy)? Such proof might
>>take the form of a letter from the health authority that the employee
>>himself asks to be written on his behalf - suitably anonymised from
>>features that may identify a particular department or service attended
>>
>>
>
>
>
>>(so not from the GUM clinic specifically, for example). The letter
>>can be checked by employee and handed to his employer; the employer
>>can then contact the health authority to check the validity of the
>>letter if necessary.
>>
>>This is perhaps a means of implementing your suggestion:
>>
>>
>>
>>>The best answer is surely "We require proof that you have the right
>>>to any information at all about this person and that they permit you
>>>
>>>
>
>
>
>>>to have that information before we will give you any information at
>>>
>>>
>all.
>
>
>>>You may not interpret this answer as giving you any information of
>>>any description about that person"
>>>
>>>
>>Jethro.
>>
>>
>>
>>
>>>We are not interest here in any alleged deception by the employee.
>>>We should only be interested in protecting their rights. Even
>>>murderers have rights.
>>>
>>> _____
>>>
>>>From: Lewis, Chris G. [mailto:[log in to unmask]]
>>>Sent: 10 June 2005 12:18
>>>To: Tim Trent; [log in to unmask]
>>>Subject: RE: [data-protection] Disclosure or not?
>>>
>>>
>>>I disagree. I think were one to say, as suggested "no-one of that
>>>name had an appointment", you are not disclosing anything about any
>>>individual in isolation - "no-one called John Smith was here". I
>>>can't see that a John Smith could complain that that was an
>>>unauthorised disclsoure of their personal data. Firstly, I don't
>>>think it's personal data, and secondly, it would equally be known to
>>>
>>>
>
>
>
>>>a member of the public who sat in reception all day as it was to the
>>>
>>>
>hospital.
>
>
>>>-----Original Message-----
>>>From: This list is for those interested in Data Protection issues on
>>>
>>>
>
>
>
>>>behalf of Tim Trent
>>>Sent: Fri 10/06/2005 12:14
>>>To: [log in to unmask]
>>>Cc:
>>>Subject: Re: [data-protection] Disclosure or not?
>>>
>>>
>>>
>>>I would suggest that disclosing where "someone was not" is a
>>>disclosure of
>>>
>>>
>>>personal data, and in this case to a third party without
>>>
>>>
>authorisation.
>
>
>>>What if this person were attending the GUM clinic for an HIV test
>>>and has absolutely NO desire for his employer (or alleged employer)
>>>
>>>
>to know?
>
>
>>>They have now also passed data to you, an unauthorised third party,
>>>of
>>>
>>>
>>their
>>
>>
>>>suspicions of their employee.
>>>
>>>My advice?
>>>
>>>Avoid. Do not answer without permission form the data subject.
>>>
>>>-----Original Message-----
>>>From: This list is for those interested in Data Protection issues
>>>[mailto:[log in to unmask]] On Behalf Of John Hughes
>>>Sent: 10 June 2005 12:09
>>>To: [log in to unmask]
>>>Subject: [data-protection] Disclosure or not?
>>>
>>>A question for you:
>>>
>>>I have been contacted by a company asking whether or not one of
>>>their employees had an appointment with us one recent Friday
>>>afternoon. They suspect that they have been handed a faked
>>>appointment letter by the employee as proof.
>>>
>>>If I replied by simply stating "no one of that name had an
>>>appointment
>>>
>>>
>>here
>>
>>
>>>on that date", would I be on safe ground? My rationale is that I am
>>>
>>>
>
>
>
>>>disclosing nothing as nothing actually took place.
>>>
>>>John Hughes
>>>DPO
>>>Mayday Healthcare NHS Trust
>>>
>>>
>>>
>>>
>>>
>>======================================================================
>>====
>>=
>>
>>
>>>This e-mail and any files transmitted with it are confidential. If
>>>you
>>>
>>>
>>are
>>
>>
>>
>>>not the intended recipient, any reading, printing, storage,
>>>disclosure
>>>
>>>
>>to
>>
>>
>>>another person, copying or any other action taken in respect of this
>>>
>>>
>>e-mail
>>
>>
>>>is prohibited and may be unlawful. If you are not the intended
>>>
>>>
>>recipient,
>>
>>
>>>please notify the sender immediately by using the reply function and
>>>
>>>
>>then
>>
>>
>>>permanently delete the email from your inbox.
>>>
>>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> All archives of messages are stored permanently and are
>>> available to the world wide web community at large at
>>> http://www.jiscmail.ac.uk/lists/data-protection.html
>>> If you wish to leave this list please send the command
>>> leave data-protection to [log in to unmask]
>>> All user commands can be found at : -
>>> http://www.jiscmail.ac.uk/help/commandref.htm
>>>Any queries about sending or receiving message please send to the
>>>list
>>>
>>>
>>owner
>>
>>
>>> [log in to unmask]
>>> (all commands go to [log in to unmask] not the list please)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> All archives of messages are stored permanently and are
>>> available to the world wide web community at large at
>>> http://www.jiscmail.ac.uk/lists/data-protection.html
>>> If you wish to leave this list please send the command
>>> leave data-protection to [log in to unmask]
>>> All user commands can be found at : -
>>> http://www.jiscmail.ac.uk/help/commandref.htm
>>>Any queries about sending or receiving message please send to the
>>>list
>>>
>>>
>>owner
>>
>>
>>> [log in to unmask]
>>> (all commands go to [log in to unmask] not the list please)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>>
>>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> All archives of messages are stored permanently and are
>>> available to the world wide web community at large at
>>> http://www.jiscmail.ac.uk/lists/data-protection.html
>>> If you wish to leave this list please send the command
>>> leave data-protection to [log in to unmask]
>>> All user commands can be found at : -
>>> http://www.jiscmail.ac.uk/help/commandref.htm
>>>Any queries about sending or receiving message please send to the
>>>list
>>>
>>>
>>owner
>>
>>
>>> [log in to unmask]
>>> (all commands go to [log in to unmask] not the list please)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>
>>>
>>>
>>. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>>
>>
>. .
>
>
>>.
>>Jethro R Binks
>>Computing Officer, IT Services
>>University Of Strathclyde, Glasgow, UK
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>
>>
>
>
>
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>**********************************************************************
>>** Visit the National Library of Scotland online at www.nls.uk
>>**********************************************************************
>>** This communication is intended for the addressee(s) only. If you
>>are not the intended recipient, please notify the ICT Helpdesk on
>>+44 131 623 3789 or [log in to unmask] and delete this e-mail. The
>>statements and opinions expressed in this message are those of the
>>author and do not necessarily reflect those of the National Library of
>>
>>
>
>
>
>>Scotland. This message is subject to the Data Protection Act 1998 and
>>
>>
>
>
>
>>Freedom of Information (Scotland) Act 2002 and has been scanned by
>>MessageLabs.
>>**********************************************************************
>>**
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>
>>
>
>
>
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>
>>
>
>
>
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>**********************************************************************
>>** Visit the National Library of Scotland online at www.nls.uk
>>**********************************************************************
>>** This communication is intended for the addressee(s) only. If you
>>are not the intended recipient, please notify the ICT Helpdesk on
>>+44 131 623 3789 or [log in to unmask] and delete this e-mail. The
>>statements and opinions expressed in this message are those of the
>>author and do not necessarily reflect those of the National Library of
>>
>>
>
>
>
>>Scotland. This message is subject to the Data Protection Act 1998 and
>>
>>
>
>
>
>>Freedom of Information (Scotland) Act 2002 and has been scanned by
>>MessageLabs.
>>**********************************************************************
>>**
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>
>>
>
>
>
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>
>>======================================================================
>>====
>>=
>>This e-mail and any files transmitted with it are confidential. If you
>>
>>
>
>
>
>>are not the intended recipient, any reading, printing, storage,
>>disclosure to another person, copying or any other action taken in
>>respect of this e-mail is prohibited and may be unlawful. If you are
>>not the intended recipient, please notify the sender immediately by
>>using the reply function and then permanently delete the email from
>>your inbox.
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>
>>
>
>
>
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>
>>
>
>
>
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>
>>
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
>Any queries about sending or receiving message please send to the list
>owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
>Any queries about sending or receiving message please send to the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|