Ian,
Thanks for a thoughtful post in response. I appreciate the distinction between public and private can be blurred at times. We give information privately that is made public without our knowledge and control. It happens because life is messy or we just forget that this was intended. I include my telephone number on a warranty card without reading the fine print.
The lifespan issue is understandable. I would expect that when court case finishes the information changes context. I would not expect that before my statement has been considered by the court, the reason why it was taken, that it would be disclosed, or accessed.
On the PHD issue, I cannot agree. The PhD is a public document because it is a public evidence that the person is qualified. The examination, of which the thesis is part, is a public examination. For many PhDs the thesis is the first and only publication. There is nothing private about the public examination. Nor does it ever return to the private sphere.
If someone were to glean private information from that public document, someone favours a certain word pattern that suggests they have a dialect, then that would not be unexpected. Surprising yes, but not unexpected given the public document can be accessed for any purpose.
I agree that protections are limited. My point was to focus on private individuals. Public organisations can and do have access. I would expect the CPS to access my witness statement. I would not expect private individual X to have access just because they asked. I would expect the DPA to stop that. Moreover, I would not expect that private investigator YY would have access because they asked or because they are part of a wider public safety net. If a third party had a need to know, then it should be within the wider context of a public activity not a private activity. In other words, a private investigator (or private individual) working to obtain the private information (witness statement) from a public organisation, is not acting in the public interest. They are doing the bidding of a private individual. As such, I cannot see a public interest in that disclosure (or access or sharing).
Perhaps there is one, I just cannot see it. Moreover, I cannot see how anyone giving a witness statement would have that expectation of such sharing or access. However, if such information is available just by asking, then it raises the question about the purpose or promise of the data protection act. After all, how will I ever know that police force x or public body y is giving my information to person XX?
What this means is I have no control over my digital persona. Perhaps this is only right given that control, on many levels is an illusion fostered by our ego and identity. Then again, in the future we may have the capacity to control our digital persona if only by a negative means. For example, I could see the possibility where I can, instead of submitting an SAR, make a request (perhaps the equivalent of the big blue button) and see what personal information has been processed up to date in real time. For example, I can check my last transaction on my bank account. Why can I not check access to my personal information as easily? To be sure, I could not necessarily spot the illegal sharing, but I could have a better idea of where it may have come from especially if the output shows the last time the data was accessed.
Some interesting thoughts, thanks for the stimulating post.
Best,
Lawrence
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 25 May 2012 13:59
To: [log in to unmask]
Subject: Re: [data-protection] DWP Staff and Personal Data [wider question on obtaining information from the police]
Lawrence,
An observation or two:-
1. To provide one broad
perspective, DP, like it or not, (and many do not) promotes purposive processing, so the purpose of the processing becomes a simple method of generating a general understanding about the potential uses of personal data.
2. The levels of confidentiality applied to personal data can change dramatically over its lifespan within any purposive restriction or particular area. This is often brought into sharp focus and appears to frequently cause confusion to most people. (I include myself in that
observation.) There also frequently exists a great deal of confusion between generic information and personal data, which is not always easy to quantify perceptions of. i.e. an obvious illustration would be was/is a published phd. thesis public information or personal data reflective of the author, what about questions asked by individuals, or methods used to glean information during a research process, are they personal data reflecting characteristic working methods, levels of knowledge, or revealing of nothing about the individual? Does the context or purpose of the individual at the time influence any answer?
3. A short, but not fully descriptive description of confidentaility during the legal process:- A statement given to the police – confidential within the investigatory and early legal processes, but required to become public information in the context of the court case itself; Yet when a case is over, many people expect those things to become confidential once more. Indeed regulations and processes were aligned in attempts to achieve that. So should you attach any expectation of privacy to a statement given to the police, or is that expectation promoted merely in the interests of supporting that system?
The process does contain many elements of what sounds supiciously like expectations of privacy in public, but individuals are told no such thing exists.
Another one in that same area:-
Appearances at court,
witnesses must not speak to other witnesses who have not given evidence once they have publicly presented their own, as that may compromise the work being conducted within the court.
The data protection list
sometimes touches upon all these issues; But the legal protection of personal data frequently only attempts to imprint a specific reflection of a notified or other regulative framework, often ignoring any detailed policies, which may or may not exist surrounding the use of personal data in specific circumstances during the lifespan of that set of personal data and certainly ignores purposive restrictions in favour of commercial and social outcomes. (Assuming the processing is within the law.)
Never having been involved in FOI, and viewing it as a factor only indicative of elements of social privacy I am unable to provide any really informed views there, but would conjecture many similar issues apply - look to the exemptions to see the most visible.
In the social sphere a common view is - control the awareness of individuals or the availability of information to obtain some control of the situation; And yet, focus rather than control appears to be one basis of privacy - interesting how things get re-interpreted. An obvious and common question that then seems to follow in the social
sphere:- What other character traits must exist within those subscribing to ...... view to maintain it?
But back to individual
privacy, taking a look into the more esoterical realms involved in human interactions and communications it becomes possible to speculate in a more informed way, and validate historical drivers to privacy illustrations provided by the social sphere, although egoistical baggage becomes a facet necessary to factor in, as by far the majority of viewpoints contain that.
Back to a weekend of private life and then continuing independent research...
Ian W
________________________________
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
