Apologies for the length of this response - there seem to be more angles to 
be considered than I'd anticipated when I began.

> An organization is seeking a reference for a student and asks the
> question "Do you believe the subject to be strictly honest,
> conscientious and discreet?"
>
> If the student has been found guilty of plagiarism but has continued on
> the course and has now graduated, can one answer YES to that question?

It's a common question in my experience, particularly from temp agencies 
who are supplying staff to third parties, probably an attempt on the part 
of the temp agencies to protect themselves in their dealings with those 
third parties.  I think that type of question is more common partly because 
references have tended to become more anodyne in response to concerns about 
disclosure to the subject of the reference, so reference requestors are 
being more direct about what they want to know (if not always terribly 
clear about why).

If I have no evidence of practices such as plagiarism, and no formal 
knowledge of a student beyond the classroom, as is usually the case, I 
normally say that I have no reason to doubt the honesty, conscientiousness 
and discretion of the candidate.  I find 'No comment' a bit blunt as a 
general response.

Where there is knowledge about a student's activities which I have as part 
of my institutional role, things would become trickier. Plagiarism is a 
particularly difficult issue to deal with.  Academics deal with a range of 
plagiarism offences, from those where there is a clear intent on the part 
of the student to deceive as to the authorship of the work; to those where 
it is unclear that the student has properly understood what they have done 
wrong (although as institutions have become more attuned to the problem, 
and are making the rules explicit in handbooks and guidelines, and 
enforcing them via mechanisms such as the JISC Plagiarism service, the 
wholly innocent plagiarist does seem to be becoming rarer).

So, for a starting point, does the fact that a student has been found 
guilty of plagiarism necessarily mean that they are dishonest (I'm assuming 
that's the key issue)? What are the facts of that finding of 'guilty' by 
the institution? Is it:

 - guilty by 'strict liability' (student has plagiarised - defined here as 
"used the work of others without proper attribution" - and intent or 
otherwise is irrelevant); or,

 - guilty by 'intent' (institution has determined that student has 
plagiarised, and that there is sufficient evidence that the student had 
intent to breach the rules).

If the plagiarism falls into the former category, then it is questionable 
as to whether it provides any indication of 'dishonesty', and it is 
difficult to justify it as being relevant to the question.

If the institution has a documented process for dealing with plagiarism 
with intent, and an appeals procedure from that process, and the student 
has been determined at all stages to have plagiarised with intent, (and the 
process has concluded) then perhaps we need to look towards the DPA.

a) Is that further processing of the personal data originally processed for 
the purpose of internal disciplinary sanction lawful? (I'm thinking 
Principle 2 here)

Was the student informed that the outcome of an internal disciplinary 
proceeding, for which they have already (presumably) paid some form of 
penalty, might be the subject of disclosure to a third party, such as a 
potential employer?  Have they had the opportunity to object?

(I think making such a stipulation to students might be a deterrent to 
would-be plagiarists, but it might also mean that every plagiarism case 
would be fought through every single appeals stage - something institutions 
are unlikely to be prepared for)

b) If YES to a) then is evidence of plagiarism 'sensitive personal data'?

My understanding of s.2 DPA 1998 (g) & (h) (commission or alleged 
commission of any offence; proceedings for any offence committed etc.) is 
that these refer to formal criminal cases, but I'm open to 
argument/correction on that point.  Would that also mean that someone who 
has committed a criminal offence in the past might not have that offence 
disclosed in a reference, but someone who plagiarised an undergraduate 
essay would - that seems a bit odd to me - a criminal offence may be seen 
as more prejudicial than plagiarism, but if the question is coined in terms 
of 'honesty'....?

If NO then see Schedule 2 for possibilities:

 - Sch.2 (1) The data subject has given consent to the processing.

Ronan's point - I guess you show the DS the reference, and ask if they want 
it sent. FWIW I always show candidates the reference I have written before 
sending it - I have had one person so far decide to go elsewhere for their 
reference - it apparently wasn't laudatory enough.  This approach may run 
the risk of accusations of 'coerced consent' - having no institutional 
reference being as, or more, damning than having one mentioning plagiarism.

 - Sch.2 (6) The processing is necessary for the purposes of legitimate 
interests pursued by the data controller or by the third party or parties 
to whom the data are disclosed, except where the processing is unwarranted 
in any particular case by reason of prejudice to the rights and freedoms or 
legitimate interests of the data subject.

If the plagiarism is 'plagarism with intent', the proper procedures have 
been followed and completed, what rights and freedoms or legitimate 
interests of the DS are being *prejudiced*?  If the plagiarism is not 
disclosed, what are the risks run by the DC (misrepresenting the 
candidate), or the third party (hiring an employee who has plagiarised), 
vis _their_ legitimate interests?

If YES then see Schedule 2 & 3 for possibilities:

 - Sch.2 (1) The data subject has given consent to the processing.

As above.

 - Sch.2 (6)The processing is necessary for the purposes of legitimate 
interests pursued by the data controller or by the third party or parties 
to whom the data are disclosed, except where the processing is unwarranted 
in any particular case by reason of prejudice to the rights and freedoms or 
legitimate interests of the data subject.

As above.

 - Sch.3 (1) The data subject has given his explicit consent to the 
processing of the personal data.

As above, but ideally clearly evidenced.

 - Sch.3  (3) The processing is necessary in order to protect the vital 
interests of another person, in a case where consent by or on behalf of the 
data subject has been unreasonably withheld.

Depends on the nature of the job, but seems farfetched.

 - Sch.3  (5) The information contained in the personal data has been made 
public as a result of steps deliberately taken by the data subject.

If disclosed by the DS in an application, then the DC might wish to explain 
the circumstances.  The situation outlined by Graham doesn't seem to fall 
into this category.

After all that, what are the possible options?

1) Refuse to answer the question/ignore the question

- may count against candidates from your institution with no disciplinary 
record
- may been seen as hiding something,
- may risk fall-out from employer if candidate is dishonest in workplace.

However, if 'normal practice' is not to make such disclosures, then what is 
the rationale for moving from that position, even in the face of a question 
which indirectly impinges on those issues.

2) Answer 'No comment'

- if done across the board may count against candidates from your 
institution with no disciplinary record
- if done selectively, may be as damaging as disclosure (in essence, it is 
a disclosure),
- may risk fall-out from employer if DS is then dishonest in workplace.

3) Ask the DS for permission to disclose

- if they say 'yes' that's a possible solution
- if they say 'no' you still have the problem.

4) Show the DS the reference and ask if they want it sent

- may run the risk of accusations of 'coerced consent'.

5) Disclose the plagiarism (assuming it is NOT sensitive personal data)

- risk of DS taking action for unlawful disclosure.

Assessing risk - likelihood of DS requesting reference from would-be 
employer + likelihood plagiarism issue was reason why would-be employer 
didn't hire them + DC able to show plagiarism procedure fair and disclosure 
of data from procedure to 3rd party for hiring purposes fair and lawful + 
balancing of legitimate interests of DC and 3rd party against prejudice to 
the rights and freedoms or legitimate interests of DS.

As an individual referee, I would be inclined towards options 1 or 4 - as 
noted above, an institution may find option 4 a more difficult position to 
sustain.

My 2 cents.

Andrew

Andrew Charlesworth
Senior Research Fellow in IT and Law
Director, Centre for IT and Law
School of Law/Department of Computer Science
University of Bristol
Wills Memorial Building
Queens Road, Bristol BS8 1RJ

Tel: 0117 954 5633 (CompSci)
Fax: 0117 954 5208 (CompSci)
E-mail: [log in to unmask]

--On Wednesday, September 06, 2006 6:08 PM +0100 "C.Oppenheim" 
<[log in to unmask]> wrote:

> I'm surprised at Ronan's first question, as this is a standard form of
> words used in many pro forma reference requests.
>
> Might not the solution be to put "no comment" against the question if
> there really are DP concerns?
>
> Charles
>
> Professor Charles Oppenheim
> Head
> Department of Information Science
> Loughborough University
> Loughborough
> Leics LE11 3TU
>
> Tel 01509-223065
> Fax 01509-223053
> e mail [log in to unmask]

> ----- Original Message ----- From: "RONAN DURNIN"
> <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Wednesday, September 06, 2006 5:17 PM
> Subject: Re: Question on a reference[Scanned]
>
>
> Why are those seeking a reference asking the question? And would
> answering no to the question cause damage or distress to the subject of
> the reference? Remember that by providing a reference, you are passing
> personal data of the data subject onto a third party. The data subject
> may well have been told at the point of completing the application form
> (or whatever form) that references would be sought - I don't believe
> that this is necessarily an indication that the data subject consents to
> such personal information being obtained by the requestor or disclosed
> by the recipient of the reference request. Might it be appropriate to
> contact the data subject to obtain their consent given their previous
> plagiarism?
>
> Just my tuppence worth...
>
> Ronan.
>
> ========================
> Ronan Durnin
> Business Support Officer
> NIGALA
> 79 Chichester Street
> Belfast
> BT1 4JE

> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Graham Donelan
> Sent: 06 September 2006 17:07
> To: [log in to unmask]
> Subject: [data-protection] Question on a reference[Scanned]
>
> Maybe not strictly be a DP question but has DP implications possibly.
>
> An organization is seeking a reference for a student and asks the
> question "Do you believe the subject to be strictly honest,
> conscientious and discreet?"
>
> If the student has been found guilty of plagiarism but has continued on
> the course and has now graduated, can one answer YES to that question?
> It is normal practice not to refer to such matters in the reference but
> the question is very direct.
>
> Thanks
>
> Graham
>
> Graham Donelan
> University Secretary
> Liverpool Hope University
> Telephone - 0151 291 3756
> Fax - 0151 291 3855

>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



Andrew Charlesworth
Senior Research Fellow in IT and Law
Director, Centre for IT and Law
School of Law/Department of Computer Science
University of Bristol
Wills Memorial Building
Queens Road, Bristol BS8 1RJ

Tel: 0117 954 5633 (CompSci)
Fax: 0117 954 5208 (CompSci)
E-mail: [log in to unmask]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^