Dear Listserv,
As you are no doubt aware the Data Protection Act, specifically section
7(3), states that a Data Controller is not obliged to comply with a
request under this section unless he is supplied with such information
as he may reasonably require in order to satisfy himself as to the
identity of the person making the request..
At Westminster, our current procedure is to ask for original
verification documents sent recorded delivery. Alternative arrangements
for photocopying originals at our One Stop Services which are then
witnessed by staff are also offered. Letters from Solicitors acting on
behalf of clients are acceptable, although we reserve the right to
confirm that this is in fact the case, i.e. a signed letter from the
client must accompany the application, together with address details
etc. Whilst every effort is made to accommodate individual circumstance,
for example, where applicants are physically unable to attend a One Stop
Shop. We reserve the right to maintain our verification standard. This
is in keeping the Metropolitan Police's procedure and most other
institutions, especially those in the private sector. I believe that
these steps are reasonable, as my first duty is to protect individuals
from unlawful disclosures. I also have a duty to the organisation, to
ensure procedures are in place that don't result in unlawful discloses.
Production of original documents is in my view not unreasonable - yet
the OIC is questioning this, by stating it believes that photocopies are
acceptable. Am I now to take it as given that when banks ask for
original documents they are in fact imposing a unreasonable requirement?
Where does this leave us in an age of identity fraud? I would be very
interested to hear from the listserv what procedures/requirements they
have for verifying identity for Subject Access Requests. I have done a
short trawl around Government departments (including the OIC) and
alarmingly they appear to have less stringent procedures than my own. Do
you think we are going over the top on this issue - personally as a
member of the public I would like to think that organisations were doing
everything in their power to stop unlawful disclosures, especially in
the light of recent events.
Fatima Zohra
Corporate Information Manager
Information Services
City of Westminster
***********************************************************************************
Parking in Westminster is easier with our ParkRight guide. It explains how to park, where to park and includes a useful map of zone one. For your free copy call Parking Services on (020) 7823 4567 or visit www.westminster.gov.uk/parking/
***********************************************************************************
Westminster City Council switchboard: +44 20 7641 6000
www.westminster.gov.uk
***********************************************************************************
This E-Mail may contain information which is privileged, confidential and protected from disclosure.
If you are not the intended recipient of this E-mail or any part of it, please telephone Westminster City Council immediately on receipt.
You should not disclose the contents to any other person or take copies.
***********************************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|