Hi Trevor
We've had a similar situation recently but in relation to a bachelors degree, where we were asked to verify a certificate that had been supplied by an ex-student to an overseas company. The certificate has clearly been doctored to replace the details of another student with the first student; they had also added modules and numbers of credits which we don't provide and also used a degree classification which we don't use (oops!). We could actually verify the factual errors without disclosing any personal data in the first instance and that's what we did in this case - which was enough for the prospective employer (and I think also for the immigration authorities of the country in which they were located).
However, if we had needed to disclose personal data, our fair processing notices for students and for alumni include the disclosure of information about final awards and attendance to prospective employers in references. Usually job application forms include a form of consent for taking up references and/or verifying the information provided in the application, and the employer can usually supply a copy of this. And finally I would think that in these circumstances both the data controller (University) and the 3rd party (prospective employer) have strong legitimate interests under Schedule 2 6th condition, as Jonathan says.
So in this situation I would be inclined at the outset to confirm "we have no record of X receiving Y qualification" or "the information you have provided does not match our records", plus "for your information, PhDs are..." and then include some of the factual information that Lawrence has listed.
Whether the institution then wants to pursue the ex-student for fraudulently claiming a qualification, bringing it into disrepute or whatever then becomes another matter entirely - we didn't look at this...
Hope this helps
Sarah
M Sarah Wickham, MA, MA, Registered Practitioner
University Archivist & Records Manager
University of Huddersfield
+44 (0)1484 473 935
Web: http://www.hud.ac.uk/cls/archives
http://www.hud.ac.uk/cls/recordsmanagement/
LinkedIn: http://www.linkedin.com/in/msarahwickham
Twitter @msarahwickham
Please don't print this e-mail unless you really need to.
On Wed, 19 Jan 2011 12:42:32 -0000, Trevor Pearce <[log in to unmask]> wrote:
>We had a student whose registration on his programme was terminated due
>to a range of nefarious disciplinary offences.
>
>
>
>We have just been contacted by a company asking us to confirm that this
>student received a PhD from us. Needless to say, he didn't (indeed he
>didn't obtain the undergraduate degree that he actually registered for).
>
>
>
>Any ideas on how we can communicate that this is a false claim without
>infringing the DPA? Am I safe in saying something to the effect of "we
>have no record of any student of that name obtaining this
>qualification"? And can I go further given that this plainly fraudulent?
>Said student is extremely litigious and has attempted to use the DPA
>against us before, without eventual success but at some cost in time to
>us in fighting him off.
>
>
>
>--
>
>
>
>From: Trevor Pearce
>
>Deputy Academic Registrar (Academic Services)
>
>Tel +44 (0)20 7380 3044
>
>Fax +44 (0)20 7380 3092
>
>
>
>
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
>All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|