I am trying to track down the originator of an idea from within the DP
world allowing me to credit them fully in my documents. (Rather than
anon.)
The basic idea is that a data subject should be informed of any
exempted access granted to their personal data.
To put that bland statement into context :-
I first came across it during the early development of computerised
police intelligence systems within the organisation I was working for
at the time.
It was adapted in a number of ways during that period, often to
reflect what where seen as threats to the work of police intelligence.
For example:
1. If a person requests subject access to an audit trail can we claim
an exemption? (I accept this is not a real problem as normal exemptions
apply).
2. What options are there for checking on computer systems which avoid
the openly available audit trail(s) and accountability mechanisms?
Those sort of generic questions, coupled with ongoing but
realistically futile requests to obtain access to transaction codes and
facilities which were available to DP and other policing mechanisms on
existing systems having been developed to identify or deal with abuse,
as a means of apparently hiding certain work were the norm. The
development/implementation of intelligence systems without any audit
trails was also on ongoing issue.
The fundamental situation reflected the normal mix of defining
specifications and insecurities associated with such computerisation
projects, coupled with the increased push for data sharing between
organisations and forthcoming FOI requirements.
Suggestions that the police themselves identify a validity time period
for an exemption they were claiming, and then retain the ability to
alter that time period within certain limits if necessary arose during
the debates but was never well received.
Ignoring all other factors and distractions, my distinct impression
during this period was that the basic idea of notification to the
individual who was the subject of access to personal data under an
exemption, originated from outside the policing environment.
Can anybody on the list assist in identifying the origin?
Independently continuing,
Ian W
Get the best of the web - http://www.tiscali.co.uk/search
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|