Jim
Has data controller authorised the staff to Act in this manner (ie Home
working policy).
If 'no' the individual creating the records is personally liable for the
records.
If they cannot defend a 'domestic use' position as an exemption (Unlikely)
in my view they are committing offences such as failure to register,
unlawful obtaining (section 55) etc under DPA.
Should at least make the individual take a bit more notice of their personal
liability under the Act.
Of course the organisation employing the individual may have questions over
'appropriate' security.
Interesting in other legal territories (ie Italy) the legislation has more
prescriptive definitions of 'appropriate security' to support it.
Hope this assists
David
----- Original Message -----
From: "J.S.M.Whitaker" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, May 25, 2006 10:57 AM
Subject: [data-protection] SAR - Material kept at home
> I'd be very interested in any views or pointers to authoritative resources
> on the following situation.
>
> A member of staff is the line manager of someone who issues an SAR. It
> appears that, in the course of working at home, some potentially
> disclosable
> material has been created and retained there. I am taking the view that
> this is held "by or on behalf of" the organisation and as such is
> (potentially) disclosable.
>
> (Yes, all the usual things have been/will be said about proper storage of
> company information etc. etc. but that is another matter.)
>
> Any arguments against my view welcomed. (I'm working on English legal
> requirements here, not what might be "good practice" but outside the
> requirements of English legislation.)
>
> Many thanks
>
> Jim
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|