I think this whole attitude of being obtrusive when dealing with perfectly reasonable requests is what has given the DPA such a bad name. You are, in effect, making it all the more likely that the forger gets away with it, and that benefits no-one. At the end of the day, we're talking about someone lying to their boss to cover taking time off work. This is not the great train robbery; do you really want our police spending their time investigating someone playing hooky from work, and wasting a Court's time getting a court order, all of which would cost the taxpayer £1,000s over a misdemeanour that cost the company just £100s.
You say: "But if the employer receives from the hospital a statement of fact that the letter is forged, would not the employer automatically think the employee is the forger?" I say: Well, yes, obviously they would. The employee gave them the letter, and is the only party who could benefit from it's forgery. If you get shot, the man holding the smoking gun is usually to blame.
You said: "Is that not personal data in the sense of "opinions"? I say: the opinions they form are "their" opinions, you would only have stated the fact that you know the letter had not been sent by you.
You said: "However, if the hospital tells the employer "it is likely to be a forgery but we make no allegations about who may have forged this letter" it could leave the employer with a dilemma about whether to accuse the person and take action against them. I say, it is their dilemna and not for you to pre-suppose how the employer interprets or acts or the information you give them. Why would you say "it is likely to be a forgery" when you know that IT IS A FORGERY. All this woolly talk achieves nothing and only helps the guilty.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of [log in to unmask]
Sent: 13 June 2005 11:48
To: [log in to unmask]
Subject: Re: [data-protection] Disclosure or not?
But if the employer receives from the hospital a statement of fact that the letter is forged, would not the employer automatically think the employee is the forger? Is that not personal data in the sense of "opinions"? However, if the hospital tells the employer "it is likely to be a forgery but we make no allegations about who may have forged this letter" it could leave the employer with a dilemma about whether to accuse the person and take action against them.
I have acquired a large kitchen utensil made of natural arboreal material which is useful for these situations if anyone wants to borrow it ;-)
Ian B
PS A simple and cheap solution is to have a policy of not responding to this sort of request. If and when the police turn up with a court order to disclose, respond then.
-----
In a message dated 13/06/05 10:33:51 GMT Daylight Time, [log in to unmask] writes:
> I think Antoinette has the simple answer - focussing on whether or not
> the letter is genuine or forged, without giving any further information
> about attendance at appointment.
>
> If the data subject provided their employer with a letter supposedly
> written by my hospital to the data subject, I do not see how the
> employer is breaching the subject's data privacy rights in taking the
> letter back the supposed issuing hospital for confirmation. If I/my
> organisation sent the letter in the first place, we can confirm it is
> genuine (after confirming with the data subject that they did provide it
> to their employer) or if it is a fraud/forgery we can state that fact.
> Neither of these statements breach personal privacy rights of the data
> subject.
>
> However, I would not confirm or deny whether the patient/data subject
> attended my hospital, without the patient's permission.
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|