Kirsten
Your authorisation process for handling police and related requests sounds pretty standard and I would not reduce the safeguards you have in place.
If you were under a statutory obligation to disclose large amounts of data regularly, as for example PAYE data to the Inland Revenue, then obviously you do not have to authorise each separate disclosure but for ad hoc requests from police, etc you are absolutely right to go through the authorisation process each time. All organisations I have ever advised have taken this approach.
Nicola McKilligan
Senior Partner and Director of Privacy Advisory Services
Privacy Partnership
16 St Martins Le Grande
St Pauls
London
EC1A 4EN
Mobile +44(0)7506726112
On 4 Oct 2012, at 17:36, Kirsten Donaldson Wheal <[log in to unmask]> wrote:
> (Apologies for cross-posting)
>
> Good afternoon everyone
>
> I'm interested in other institutions' policies for disclosing staff members' personal data to the police under the DP exemption for the prevention or detection of crime.
>
> At the University of Edinburgh, we have been advising that we don't disclose information automatically if the police (or other body with statutory powers) ask for it - we would ascertain whether they are asking for information about a named individual and for a specific purpose, and then ask for the correct authorisation documentation. Recently we have been challenged on this by another area of the University, which would rather not ask for the authorisation every time.
>
> Do you ask for authorisation in all cases? Are there times when you would disclose without it?
>
> Many thanks in advance,
>
> Kirsten
>
> Kirsten Donaldson Wheal
> Assistant Records Manager
> University of Edinburgh
> Old College, South Bridge
> Edinburgh EH8 9YL
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|