Sarah,
We have been approached by the CSA and they sent in a document (faxed),
quoting section 14 (4A) (c) of their legislation (can't remember it
right now) and section 35 of the DPA, which together gave us the
opportunity to release data.
We asked for evidence of the person's "certificate of authority" as
proof, which their legislation says they have to have. The person
concerned got really nasty, saying that they don't give this evidence as
it could be copied and abused. They threatened to turn up on the
doorstep to get the information (which they are allowed to do) if we
refused to provide the data. We tried to explain again that we were not
refusing to provide, just wanted evidence that they were ok to provide
the data to which we have an obligation to do.
We then asked instead for a second signature on the form, from another
senior employee that we can contact, as this will allow us to ensure
that whilst we don't doubt that they work for the CSA, the person they
are chasing in within their case load. We are awaiting their response
to this.
I would never except e-mailed contact from a government agency unless we
were already in contact via another method.
Hope this helps you
Regards,
Clare
If you intend to send personal data to this e-mail address, please be
advised that these will be used by Ford Financial, our group, their and
our representatives, agents and contractors, any assignees, transferees
of the above referred to parties for controller business administration,
statistical analysis and management reporting and may therefore be
accessed by other members of this organisation. This information may
also be transferred to our group outside the EEA. If you are sending the
personal data of other individuals, please ensure that you have their
consent to do so and that they are aware of the uses to which Ford
Financial will put these data.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of M Sarah Wickham
Sent: 30 January 2009 09:39
To: [log in to unmask]
Subject: [data-protection] Child Support Agency - third party request
for personal information
Dear colleagues
Apologies for cross-posting. We have received a request as follows:
================
[log in to unmask]
Hi
Received E.-Mail.
Could you please confirm that ABCD Date of Birth NN/NN/1970, N.I.
NWxxxxxxD is a student at University of Huddersfield.
Thankyou
xxx xxx
Sne Mos Nc Empl WG1 TM2
788xxxxx
================
We have not (apparently) dealt with the CSA before, so I have two
concerns here.
1. It is my understanding that the Child Support Agency has extensive
powers to obtain information. However, I would normally expect
information about the requester's formal source of authority to make the
request. The email does not do this - at least in an intelligible form.
For example, in the case of police requests, we require formal
documentation which in the case of West Yorkshire Police's form includes
a counter-signatory from a higher officer. Similarly, we require the
Student Loans Company to include a copy of their certificate of
authority as per the Social Security Fraud Act 2001 (s3(1)) Code of
Practice on Obtaining Information.
2. The Child Support Act 1991 and associated regulations that I have
(cursorily!) had a look at concerning the supply of personal information
seem to apply to employers, local government, benefits agency etc - ie
bodies via which a non-resident parent may be receiving income.
Obviously the University does not have this kind of relationship with a
student.
So my initial reaction is to go back to the requester, and ask for his
formal source of authority to make the request. Before I do this,
though, am I missing something?!
Many thanks
Sarah
M Sarah Wickham, MA, MA, Registered Practitioner University Records
Manager University of Huddersfield
+44 (0)1484 473 935
http://www.hud.ac.uk/cls/recordsmanagement/
http://www.linkedin.com/in/msarahwickham
Please don't print this e-mail unless you really need to.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user
commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|