By legitimate I had meant a proper course of conduct rather than a legal
one.
If the policy issue itself was within the scope of action of a local
authority, but the linkage to legislation used as support for that policy
was incorrect, ultra vires would probably not apply as the data controller
would be working within their scope. (Although I am by no means fully
conversant with ultra vires and will stand to be corrected on that.)
The DPA training question did not strike me as a legal issue though, more
the appropriateness of the action of including within the DPA umbrella
something which did not exist within that legislation.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Bradshaw, Phillip
> Sent: 18 July 2007 13:13
> To: [log in to unmask]
> Subject: Re: Disclosure of data provided by data subject.
>
>
>
> Depends what you mean by legitimate...
>
> Certainly of no practical effect as policy cannot override the law.
>
> For a local authority it would not be 'legitimate' in the
> sense that it would be ultra vires as the authority probably
> has no power to do something in such apparent disregard of
> legal rights.
>
>
> Phillip Bradshaw
>
> Information Manager
> Clerk to the Council
>
> Room 111, County Hall
>
> EMail: [log in to unmask]
>
> Phone: 029 2087 3346
> Mobile : 07779 284684
>
> Fax: 029 2087 3349
>
> Proactive Publishing Promotes Positive Perceptions
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 18 July 2007 12:57
> To: [log in to unmask]
> Subject: [data-protection] Disclosure of data provided by
> data subject.
>
> I was asked a DPA question the other day: -
>
> Is it correct that the DPA forbids a data controller to
> disclose to a data subject, data which that data subject of
> and which they originally provided to that data controller,
> as all their DPA training stated it was and that seemed silly?
>
> I answered no, and having reflected on the situation and
> knowing that the organisations policies and procedures were
> tied to the notification and that the internal policies and
> procedures apparently for some reason forbid such disclosures
> now consider that to brief an answer as the organisation may
> have some other policy which states no disclosures of
> material provided be made to data subjects who provided it.
>
> If that is correct the question occurred to me: -
>
> Is it legitimate to attempt to place responsibilities on
> staff, which they are told arise from legal rules when the
> purpose of the rules is actually different and probably
> organisationally rather than DPA related?
>
> Ian W
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All
> user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send
> to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask]
> describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> **********************************************************************
> Privileged/Confidential Information may be contained in this
> message. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such
> person), you may not copy or deliver this message to anyone.
> In such case, you should destroy this message and kindly
> notify the sender by reply email. Please advise immediately
> if you or your employer does not consent to Internet email
> for messages of this kind. Opinions, conclusions and other
> information in this message that do not relate to the
> official business of the Council of the City and County of
> Cardiff shall be understood as neither given nor endorsed by
> it. All e-mail sent to or from this address will be
> processed by Cardiff County Councils Corporate E-mail system
> and may be subject to scrutiny by someone other than the addressee.
> **********************************************************************
> Mae'n bosibl bod gwybodaeth gyfrinachol yn y neges hon. Os
> na chyfeirir y neges atoch chi'n benodol (neu os nad ydych
> chi'n gyfrifol am drosglwyddo'r neges i'r person a enwir),
> yna ni chewch gopio na throsglwyddo'r neges. Mewn achos o'r
> fath, dylech ddinistrio'r neges a hysbysu'r anfonwr drwy
> e-bost ar unwaith. Rhowch wybod i'r anfonydd ar unwaith os
> nad ydych chi neu eich cyflogydd yn caniatau e-bost y
> Rhyngrwyd am negeseuon fel hon. Rhaid deall nad yw'r
> safbwyntiau, y casgliadau a'r wybodaeth arall yn y neges hon
> nad ydynt yn cyfeirio at fusnes swyddogol Cyngor Dinas a Sir
> Caerdydd yn cynrychioli barn y Cyngor Sir nad yn cael sel ei
> fendith. Caiff unrhyw negeseuon a anfonir at, neu o'r
> cyfeiriad e-bost hwn eu prosesu gan system E-bost
> Gorfforaethol Cyngor Sir Caerdydd a gallant gael eu
> harchwilio gan rywun heblaw'r person a enwir.
> **********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|