What follows might be more of a "Friday question/discussion".
What of the wall-chart - or rather, its modern day equivalent of a collaborative document accessible on the internal (and sometimes external) network - that shows attendance and absence by name and day, including absence owing to sickness, possibly with condition? It might be hard to justify disclosure to everyone with access to the online document, but if written on a wall-chart and not satisfying s.1(1)(b), it can be disclosed to every passer-by.
This also raises the question of whether information supplied by the unwell employee's partner and written on a wall-chart by (say) an Admin assistant satisfies s.1(1)(b) by reason of the same data being supplied separately to Personnel directly by the unwell employee and processed under s.1(1)(a)? [I said it was more of a "Friday question".]
And what of the member of staff who 'discloses' that Charlie [gender-neutral name] is absent because "they have a cold"? Do they need to rely on s.55(2)? What of the person who asks: "How's Charlie today?" Are they committing an s.55(1)(b) offence? Is a strict interpretation that I cannot enquiry after the health of a member of my staff's family if they are also employed by my company?
Are there not shades of grey ([number uncounted] here? That Charlie is "sick" can cover a multitude of things, not all being SPD, ranging from: taking a lead-swinging day; through sunburn and vomiting from over-indulgence; lacerations, broken limbs and 'routine' operations; to mental health and STDs. The first of which also raises the question of whether inaccurate data - reporting "sick" when actually bunking off - is PD at all [corporate policy on honesty aside].
I would occasionally to ask at conferences I was addressing, for every thief in the room to raise a hand. Usually I was the only one with a hand up. I would then ask if none of them had ever used an office paper-clip to bind personal papers together, or taken paper home to use in a home printer (to print office material) but had also printed domestic stuff on it. Those who didn't then raise their hands were rationalising their transgressions. The health status of fellow employees is a usual office discussion point, and no harm is intended, nor does any usually befall the unwell individual as a consequence.
I wonder whether we sometimes get too anal [if that is not SPD] about PD, and some restrictions on 'processing' can have a feeling of: "Can't tell you that; Data Protection, you know!"
Maybe I'm overthinking; probably underthinking. Two hours sleep does that to you.
M
> On 18 Jul 2017, at 13:07, Simon Howarth <[log in to unmask]> wrote:
>
> Yes, you would be wrong (potentially). You need a legal basis for these people to see such information. This information is sensitive personal data so you need to satisfy a schedule 3 condition.
>
> Regardless of this though do the managers NEED to see each other's information? If not, then why provide it?
>
> In health staff cannot even see health information of someone they don't know and have nothing to do with unless there is a valid reason for them to have access, so sharing such information with individua's who can identify their colleagues and their conditions should be performed only with justification and a need to know. If it was my information, I would be unhappy.
>
> Hope this helps.
>
> Simon Howarth
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Derek O'Connor
> Sent: 18 July 2017 09:23
> To: [log in to unmask]
> Subject: [data-protection] Internal Disclosure
>
> SCENARIO - a sickness absence report provided to a senior manager is shared with three of his/her team managers.
>
> Contains information on each other’s team manager staff health.
>
> Ideally they would only receive their individual team reports, but given that it is three members of management team I would be less inclined to be concerned.
>
> Would I be wrong?
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|