Jonathan
I have just looked again at the ICO's revised guidance and agree my response was a bit rash. Apologies for not giving it due consideration.
Letters of complaint are always difficult in regard to SARs but we have a duty of confidentiality to the third party otherwise people wouldn't make complaints if they thought we would reveal their identity. I use s.7(6)(a) in these circumstances.
-----Original Message-----
From: Jonathan Baines [mailto:[log in to unmask]]
Sent: 22 January 2010 14:24
To: [log in to unmask]; GIBBS, Julie
Cc: Jonathan Baines
Subject: Re: Third party permission to disclose
Julie, I can't agree with you that, as the letter is merely an acknowledgment
of receipt of Mr Y's letter, it doesn't constitute Mr X's personal data.
The ICO's post-Durant (and more relevantly, post-Article 29 working party
Opinion on personal data) states that:
"Where data is not 'obviously about' an identifiable individual the following
question may help to determine whether the data is 'personal data'.
Is the data being processed, or could it easily be processed, to:
- learn;
- record; or
- decide
something about an identifiable individual,
or;
as an incidental consequence of the processing, either:
- could you learn or record something about an identifiable individual; or
- could the processing have an impact on, or affect, an identifiable individual?"
In this instance the data is processed, or certainly could be, as a bare
minimum to record that Mr X had been the subject of a letter, received by the
data controller (and presumably of some relevance to the controller, otherwise
why would it be on file) written by his neighbour Mr Y.
Unless I am missing something in al these Xs and Ys.
best wishes
Jonathan
************************************************************************
Note: This E-Mail is intended for the addressee only and may include
confidential information.
Unauthorised recipients are requested to please advise the sender immediately
by telephone and then delete the message without copying or storing it or
disclosing its contents to any other person.
We have taken all reasonable precautions to ensure that no viruses are
transmitted from the Authority to any third party. Copyright in this
e-mail and attachments created by us unless stated to the contrary belongs to the Council.
Any liability (in negligence or otherwise) arising from any party acting,
or refraining from acting on any information contained in this e mail is
hereby excluded.
Should you communicate with anyone at the Council by e-mail,
you consent to us monitoring and reading any such correspondence.
Printing this email? Please think environmentally and only print when essential!
************************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|