The way the Article 29 working party see the definition of persoanl data (arguably inconsistent with Durant) would leads to the possibility of the 3rd party being considered personal. The look at whether there is the possibiliy of using the data to impact upon the data subject *even if* there is presently no desire in the hands of the controller to do so. 



So in this scenario, for example, if it is possible to use it to assess a performanve issue (how did the data subject perform his/her duties on the third party disciplinary matter) then personal.   Or put another (Durant) way: initially focus not on subject, but focus can shift. Possibility of this is enough say 29WP to make data personal *at all times*.



Best

R 



Renzo Marchini 

Dechert LLP 

+44 (0) 20 7184 7563 direct 

+44 (0) 20 7184 7001 fax 

[log in to unmask]

www.dechert.com



Sent from my handheld device





----- Original Message -----

From: This list is for those interested in Data Protection issues <[log in to unmask]>

To: [log in to unmask] <[log in to unmask]>

Sent: Fri Jun 03 03:25:15 2011
Subject: Re: [data-protection] 3rd party data known to SAR applicant



Paul



Im sorry but I would have to disagree with you on this with regard to redacting info.  If you were to redact you are required to apply an exemption to cover the "withheld info".  My question is how can you possible apply an exemption to protect information that is already known to an applicant - does it not make the exemption null and void?





Many thanks 

Trish 

Trish-louise Bailey

Audit & Assurance (Information Governance)

(IG covers:  Data Protection & Privacy, FOI, Information Security, Information Sharing & Confidentiality, Information & Records Management, Information Quality & Assurance) 

Telford & Wrekin Council 

Civic Offices

Coach Central

Telford 

TF3 4HD

www.telford.gov.uk 



em:   [log in to unmask] or [log in to unmask] 

tel:    01952 382537

mb:   07528 969455





-----Original Message-----

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Paul Ticher

Sent: 02 June 2011 15:40

To: [log in to unmask]

Subject: Re: 3rd party data known to SAR applicant



I've noted the comments from others about (a) that the data is not actually 

about the Data Subject (plausible argument), and (b) that it's nonsensical 

to withhold data the Subject already knows (also plausible).  However, it 

occurs to me that (b) may not be nonsensical in every case.



Firstly, I can't see anything which says you *must* disclose data if the 

Data Subject already knows it.  That situation obviously makes it more 

likely to be disclosable, but doesn't require disclosure, unless I'm missing 

something.



Second, I would distinguish between information which is available to the 

Data Subject on the internal e-mail system, and data that they can take away 

with them on paper and, presumably, show to other people (who may be legally 

privileged, but may just be their mates).



Given that your Data Subject knows who the third party is, I would be 

inclined to redact the name, at least, because there is no detriment to the 

Data Subject in doing so but there is, at least, a warning that you consider 

the name of the third party deserving of protection.  They could, of course, 

immediately say to their mates "that name they've blanked out is X, Y" but 

that would be their choice, not your doing.



So I think there is a good case for redaction.



Paul Ticher

0116 273 8191

22 Stoughton Drive North, Leicester LE5 5UB





----- Original Message ----- 

From: "Ray Cooke" <[log in to unmask]>

To: <[log in to unmask]>

Sent: Thursday, June 02, 2011 12:03 PM

Subject: 3rd party data known to SAR applicant





> All,

>

> I'd appreciate any thoughts from all you experienced folk out there on 

> this

> one.

>

> Scenario is this.  Data subject (staff) makes subject access request.

> Emails to and from the data subject deal with 3rd party disciplinary and

> grievance issues sent to data subject in the course of work.  Some of the

> stuff is sensitive data.  Question is - should the 3rd party data be

> redacted out in responding to the SAR even though the data subject has 

> seen

> it and may even still have access to email copies?

>

> I've taken the view that it is not appropriate or reasonable to leave this

> type of 3rd party data unredacted in supplying copies under SAR even 

> though

> the data subject will have seen the material and indeed may have retained 

> it

> within a work context.

>

> Is this the right approach to take in this particular circumstance?

>

> Grateful for any views on this.

>

> Ray Cooke

>

> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>     All archives of messages are stored permanently and are

>      available to the world wide web community at large at

>      http://www.jiscmail.ac.uk/lists/data-protection.html

>     If you wish to leave this list please send the command

>       leave data-protection to [log in to unmask]

> All user commands can be found at 

> http://www.jiscmail.ac.uk/help/commandref.htm

> Any queries about sending or receiving messages please send to the list 

> owner

>              [log in to unmask]

>  Full help Desk - please email [log in to unmask] describing your 

> needs

>        To receive these emails in HTML format send the command:

>         SET data-protection HTML to [log in to unmask]

>   (all commands go to [log in to unmask] not the list please)

>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>

>

> 



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 Any queries about sending or receiving messages please send to the list owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



--------------------------------------------------------------------------------------------------------------------

This email and any files transmitted with it are confidential and

intended solely for the use of the individual or entity to whom

they are addressed. If you have received this email in error 

please notify the originator of the message. 



Any views expressed in this message are those of the individual

sender, except where the sender specifies and with authority,

states them to be the views of Telford & Wrekin Council.



The content of this email has been automatically checked in 

conjunction with the relevant policies of Telford & Wrekin Council.





^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 Any queries about sending or receiving messages please send to the list owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^






  

 This e-mail is from Dechert LLP, a law firm, and may contain information that is confidential or privileged. If you are not the intended recipient, please delete the e-mail and any attachments, and notify the sender. Dechert LLP is a limited liability partnership registered in England & Wales (Registered No. OC306029) and is regulated by the Solicitors Regulation Authority. A list of names of the members of Dechert LLP (who are solicitors or registered foreign lawyers) is available for inspection at its registered office, 160 Queen Victoria Street, London EC4V 4QQ.







^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 Any queries about sending or receiving messages please send to the list owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^