Kathy
We went round this loop as well (and discussed this ambiguity before we
wrote our text); it would have been clearer if the paragraph in Schedule
7 had said given in confidence by 'a data controller'.
We took the view that a data controller which issues the reference is
'the data controller' in question. The fact that the personal data are
subseqeuntlly processed by another data controller does not alter the
fact that the personal data were given by 'the data controller'.
However, can I also refer you to section 7(6) which refers to respecting
the confidentiality of sources who are individuals. This I think will be
also relevant to your circumstances. This protects the circumstances of
an individual who is not a data controller but who provides a reference.
In DPN 33 (page 30) we said that it was surprising that the Government
needed to protect anonymous references!
What we have suggested that whenever a reference is sought, the referee
is asked whether the reference is confidential. In that way, you know
you are processing confidential p.d
This leads to an interesting question. Suppose a referee is unwilling to
let the subject of the reference see the reference. Does this make the
reference more valuable (e.g. because referees can be more explicit) or
less valuable (e.g. because referees can discredit without any risk of
exposure?)
Chris
Data Protection News, Cap Gemini House
95 Wandsworth Road, London SW8 2HG
Tel: +44 (0) 171-917-4362/4704
Fax: +44 (0) 171-917-4666
E-mail: <[log in to unmask]>
or <[log in to unmask]>
>----------
>From: Katherine Lloyd[SMTP:[log in to unmask]]
>Sent: 09 Sep 1998 18:12
>To: [log in to unmask]
>Subject: RE: References
>
>Chris
>
>I may be being daft - call it Data Protection Act 1998 overdose: does
>the Subject Access exemption regarding confidential references apply
>only to references supplied by *the* data controller or any data
>controller? Your points on p26 of DP News No 33 suggest that
>references supplied by Third Parties are covered (although point
>taken about fairness). The heading in the Act "Confidential
>References given by the Data Controller" suggests that we can only
>refuse access to our own references not those received. This has
>major implications for us as we receive so many references from
>third parties on applicants. Can you help?
>
>Katherine Lloyd
>University of Warwick
>
>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|