Nick Landau on 04 May 2006 at 12:29 said:-
> I haven't been a Data Protection Officer, but as the FoI Officer in a
> Trust
> I certainly saw confidential information - indeed the actual request might
> contain confidential information - although, of course, that would imply
> that any employee of a public organisation should require a check - as
> anyone in a public organisation can be handed a FoI request.
To me the issue goes much wider than that.
Whilst some arguments have historically existed that criminal records should
be available in the public domain that has never been, and rightly in my
view, so.
If one accepts that persons with access, or potential access to personal
information should be vetted, then following the police service scenario and
justifications, that would mean that everybody in every organisation (public
and private) would require vetting.
Having myself been vetted a number of times and also being involved in the
vetting and enforced SAR processes over many years from a police DP
perspective, observing how the processes are used for various purposes by
all of the persons involved, from waving the 'vetted' flag around to using
the process as a lever on staff or as an organisational protective mechanism
when problems occur has made me very cynical regarding the purpose of the
whole thing.
Indeed many times in the past external organisations, using the as then
unlawful mechanism of enforced subject access attempted to use that process
to do nothing more than manipulate, I doubt that situation or hidden
purpose(s) has/have changed much.
The interesting questions do still arise though when looking at the issue of
privacy and moving down behind the facade.
Ian
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Nick Landau
> Sent: 04 May 2006 12:29
> To: [log in to unmask]
> Subject: Re: Criminal Record Checks DPO's - was - RE: Criminal Record
> Check of Traffic Wardens?
>
> I haven't been a Data Protection Officer, but as the FoI Officer in a
> Trust
> I certainly saw confidential information - indeed the actual request might
> contain confidential information - although, of course, that would imply
> that any employee of a public organisation should require a check - as
> anyone in a public organisation can be handed a FoI request.
>
> Nick Landau
>
> ----- Original Message -----
> From: "Chris Brogan" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Thursday, May 04, 2006 10:48 AM
> Subject: Re: [data-protection] Criminal Record Checks DPO's - was - RE:
> Criminal Record Check of Traffic Wardens?
>
>
> Interesting discussion developing here. If a DPO had been prosecuted by
> the
> ICO would the DPO be a fit and proper person to fill a DPO's position?
> A data controller should ensure that any Data Processor employed is a fit
> and proper/qualified person to process personal data on their behalf.
> Does that mean that the onus is on the Data Controller in both these
> instances to check the ICO's Annual returns to see if a prosecution has
> taken place? As it is sensitive data would a schedule 3 condition apply.
> Regardless of the above are you aware that CRB will check anything that
> you
> send to them? Shocking? Ring there help line and see what they say.
> Regards Chris Brogan
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Samantha Hill
> Sent: 04 May 2006 10:30
> To: [log in to unmask]
> Subject: Re: Criminal Record Checks DPO's - was - RE: Criminal Record
> Check of Traffic Wardens?
>
>
> My understanding of the need for CRB checks is that they are carried out
> when people
> are likely to come into contact with vulnerable people - here at the Uni
> we
> run checks on
> any students and staff on our education, health and social work courses
> where a
> working placement is involved in their degree, but would not do the same
> for
> any other
> student with no cause to be interacting with vulnerable adults.
>
> On that basis I would say that the data protection officer does not need
> to
> be CRB
> checked as the role does not - or does not in my case - come into contact
> with the
> individuals, only their personal data.
>
> Samantha
>
> On 4 May 2006 at 10:00, Ian Welton wrote:
>
> A spin-off from the other thread and of interest from many
> perspectives.
>
> Given that persons exercising data protection responsibilities within
> organisations have a very high level of access to personal data should
> they all be required to be vetted and if so to what level?
>
> I am speaking of the role here not the organisation or sector.
>
> Why?
>
> Why not?
>
> What roles would not require vetting?
>
>
> Ian W
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.392 / Virus Database: 268.5.3/331 - Release Date: 5/3/06
>
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> All archives of messages are stored permanently and are
>
>
>
> available to the world wide web community at large at
>
>
>
> http://www.jiscmail.ac.uk/lists/data-protection.html
>
>
>
> If you wish to leave this list please send the command
>
>
>
> leave data-protection to [log in to unmask]
>
>
>
> All user commands can be found at : -
>
>
>
> http://www.jiscmail.ac.uk/help/commandref.htm
>
>
>
> Any queries about sending or receiving message please send to the list
> owner
>
>
>
> [log in to unmask]
>
>
>
> (all commands go to [log in to unmask] not the list please)
>
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Samantha Hill
> Information Disclosure Officer
> University of Portsmouth
> Winston Churchill Avenue
> Portsmouth PO1 2UP
> Tel: 023 9284 3642
> E-mail: [log in to unmask]
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.392 / Virus Database: 268.5.3/331 - Release Date: 5/3/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|