Donald Henderson on 29 June 2005 at 10:09 said:-
> Whilst clarification of what is being sought by the data
> subject might give some light on why the person is asking, I
> don't think that is the point of the question. The purpose of
> the question is normally to avoid mountains of unnecessary
> work. Having just issued several inches (I'm giving my age
> away, I know) of paper to a data subject and spent days
> reading it all to consider exemptions, it would have been
> much simpler if the person had indicated they were only
> interested in stuff held by HR since 2004 rather than "everything".
>
> This is particularly the case for a public authority
> following the FOI amendment to the DPA regarding unstructured filing.
Remembering that the work will also entail the added value brought about by
considering if the personal data found meets the DP principles and
organisational CoP's for the purpose(s) it is held.
Les Kingstone on 29 June 2005 at 11:27 said:-
> But I thought in this respect, FoI actually amended DPA. So
> 'should' it apply to the private sector as well as for public
> authorities?
The DPA does apply to all organisations.
"I am seeking any information your organisation holds about me" seems to
meet those FOI amendment requirements.
Is a data subject expected to know in detail what data holdings an
organisation has and how they are structured?
If so where do they find sufficient detail about those issues to make an
informed decision on what may be held?
A detailed register of data users, broken down by specific purpose(s) could
assist somewhat, but the more generic the register the less information is
available to inform a data subject.
I suppose the data subject could ask the organisational DPO exactly what
information may be held about them, but their trust in any answer would
depend on their perceptions of data protection, that person, and the
organisation in question. All of which could well be tainted by various
factors.
For example of organisations making decisions regarding what data to supply
to a data subject would be the credit reference agencies, who apparently
hold voters register data going back many years, but they do not generally
supply that in response to a subject access request, no matter how broad
ranging any request, yet that address data is stated to be relevant to
credit decisions. How valid is that, and what would data subjects form?
It would seem probable that the less detailed and trustworthy any public
register is, and the less open an organisation is, the more likely broader
requests will be received.
Could this thread possibly be proposing that data subjects should not be
allowed to express a SAR in a way which fits with their own needs, but
should rather tailor their needs to fit an organisations requirements?
A consequence of such action could be ignoring data which may be held
because the agreed 'organisational SAR process' does not recognise some of
the data held because either the DP people have not been informed, or
organisational/computing changes made have not yet changed that particular
process? Thinking about it though, some would probably think the ability to
be able to manipulate SAR to that extent an advantage, the reasons why that
should be so would probably be illuminating.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Les Kingstone
> Sent: 29 June 2005 11:27
> To: [log in to unmask]
> Subject: Re: email requesting Subject Access Request
>
>
> But I thought in this respect, FoI actually amended DPA. So
> 'should' it apply to the private sector as well as for public
> authorities?
>
> Les
>
> >I am. Though I confess to periodic perplexity. Even so the great
> >majority of the work I do is in the multinational private sector
> >
> >-----Original Message-----
> >From: This list is for those interested in Data Protection issues
> >[mailto:[log in to unmask]] On Behalf Of Les Kingstone
> >Sent: 29 June 2005 11:13
> >To: [log in to unmask]
> >Subject: Re: [data-protection] email requesting Subject
> Access Request
> >
> >Tim,
> >
> >You are of course aware of the changes to S7(3) brought in
> by FoI ?!?
> >
> >
> >Les
> >
> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> >Any queries about sending or receiving message please send
> to the list
> owner
> > [log in to unmask]
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> >Any queries about sending or receiving message please send
> to the list
> owner
> > [log in to unmask]
> > (all commands go to [log in to unmask] not the list please)
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to
> the list owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|