In message <[log in to unmask]>, at
15:13:40 on Sun, 8 Jan 2006, Ian Welton <[log in to unmask]> writes
>As has been previously muted by others a number of times a very real level
>of audit of s.29(3) separate from both data controllers could be provided by
>a requirement for disclosure of the s.29(3) data disclosure to a data
>subject at a sufficient time after an exemption had been granted not to
>cause a compromise.
How far would you take that?
What if my phone bill was accessed (it would be RIPA these days, not
29(3), but lets press on with the example anyway). Would you tell just
me, or all the people whose number appeared on it? How would you get the
name and address of all the innocent people on the bill without doing a
further several hundred 29(3) requests?
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|