Especially when Antoinette suggested an elegant compromise to resolve this
scenario that achieves the objectives of DP purists and bloody-minded
pragmatists like me, I find it difficult to understand why the notion of
being helpful, even with a few attendant (technical) risks, is seen as
unnecessary, even undesirable. The media have created a perception that Data
Protection is ungainly, unhelpful and occasionally (Soham, British Gas etc)
dangerous. Everyone working in a DP role has a responsibility to challenge
and overturn this view - not to shore it up.
Tim Turner
Wigan Council
> ----------
> From: Carter, Antoinette
> (KIS)[SMTP:[log in to unmask]]
> Reply To: Carter, Antoinette (KIS)
> Sent: 13 June 2005 12:42
> To: [log in to unmask]
> Subject: Re: [data-protection] Disclosure or not?
>
> I think this whole attitude of being obtrusive when dealing with perfectly
> reasonable requests is what has given the DPA such a bad name. You are,
> in effect, making it all the more likely that the forger gets away with
> it, and that benefits no-one. At the end of the day, we're talking about
> someone lying to their boss to cover taking time off work. This is not
> the great train robbery; do you really want our police spending their time
> investigating someone playing hooky from work, and wasting a Court's time
> getting a court order, all of which would cost the taxpayer £1,000s over a
> misdemeanour that cost the company just £100s.
>
> You say: "But if the employer receives from the hospital a statement of
> fact that the letter is forged, would not the employer automatically think
> the employee is the forger?" I say: Well, yes, obviously they would. The
> employee gave them the letter, and is the only party who could benefit
> from it's forgery. If you get shot, the man holding the smoking gun is
> usually to blame.
>
> You said: "Is that not personal data in the sense of "opinions"? I say:
> the opinions they form are "their" opinions, you would only have stated
> the fact that you know the letter had not been sent by you.
>
> You said: "However, if the hospital tells the employer "it is likely to be
> a forgery but we make no allegations about who may have forged this
> letter" it could leave the employer with a dilemma about whether to accuse
> the person and take action against them. I say, it is their dilemna and
> not for you to pre-suppose how the employer interprets or acts or the
> information you give them. Why would you say "it is likely to be a
> forgery" when you know that IT IS A FORGERY. All this woolly talk
> achieves nothing and only helps the guilty.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of [log in to unmask]
> Sent: 13 June 2005 11:48
> To: [log in to unmask]
> Subject: Re: [data-protection] Disclosure or not?
>
> But if the employer receives from the hospital a statement of fact that
> the letter is forged, would not the employer automatically think the
> employee is the forger? Is that not personal data in the sense of
> "opinions"? However, if the hospital tells the employer "it is likely to
> be a forgery but we make no allegations about who may have forged this
> letter" it could leave the employer with a dilemma about whether to accuse
> the person and take action against them.
>
> I have acquired a large kitchen utensil made of natural arboreal material
> which is useful for these situations if anyone wants to borrow it ;-)
>
> Ian B
>
> PS A simple and cheap solution is to have a policy of not responding to
> this sort of request. If and when the police turn up with a court order
> to disclose, respond then.
>
> -----
> In a message dated 13/06/05 10:33:51 GMT Daylight Time,
> [log in to unmask] writes:
>
>
> > I think Antoinette has the simple answer - focussing on whether or not
> > the letter is genuine or forged, without giving any further information
> > about attendance at appointment.
> >
> > If the data subject provided their employer with a letter supposedly
> > written by my hospital to the data subject, I do not see how the
> > employer is breaching the subject's data privacy rights in taking the
> > letter back the supposed issuing hospital for confirmation. If I/my
> > organisation sent the letter in the first place, we can confirm it is
> > genuine (after confirming with the data subject that they did provide it
> > to their employer) or if it is a fraud/forgery we can state that fact.
> > Neither of these statements breach personal privacy rights of the data
> > subject.
> >
> > However, I would not confirm or deny whether the patient/data subject
> > attended my hospital, without the patient's permission.
> >
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|