In a message dated 07/08/2000 10:31:51 GMT Daylight Time, [log in to unmask] writes: << Council, the Trustees of the College, meets 5 times a year. Members of Council represent the Faculties of the College. A member of the College/Faculty has requested (more of a demand really) the attendance record of the Council member representing the requesting member's Faculty be disclosed to him. We have declined on the grounds of DP provisions on disclosure - consent etc. Attendance records of Council Members (5 out of 5; 4 out of 5; say) are reported to the Trustees of the College via the Annual Report. We believe this to be the extent of the College requirement to disclose attendance records. I would be grateful for any comments/thoughts on this. >> As one or two have pointed out, you may not need consent, particularly if it has been made clear that attendance (or not) at the meetings will be reported to members of the faculty. The problem with this query is that there is obviously something behind the request and the fact that the information is not readily available suggests that it is not common practice (at this college) to disclose. It could be argued, therefore, that a breach of the First Principle may occur in that a process (disclosure) was not made known to the data subject at the time of data collection. If, however, the disclosure is one of the terms of membership of the council, he/she can have no objection to the disclosure or cause for complaint to the ODPC. The argument that it is "a legitimate interest" could be expanded to say that an employer could disclose someone's attendance at work details - not just statistically like "25% of all our employees have more than two days off every year" but specifically like "Arthur Dent was absent last week for three days". Worse still: "Tricia MacMillan will be off work for the next two weeks, she's on holiday in Malta". If there is a requirement to make such details public then there can be no DP argument. Maurice Frankel writes on the subject:<<The Data Protection Commissioner's recent annual report talks about bodies which "grasp the Act and wave it as though it were some hybrid garlic which might ward off information hungry vampires. Nowhere does the Act place blanket bars on the disclosure of information." >> Correct, but it also says in the report that knowledge of the Act is sadly lacking and that many people think: "It doesn't apply to me." Maybe in this case, just because someone thinks they should have access to the data it has made the organisation think about it before it gives in to bully-boy tactics. Maybe its no bad thing. Remember when a local authority disclosed the specific salary details of some of its staff to a person who demanded it under the "Access to Information" rules governing councils' financial records? Remember the local authority who gave a councillor the names and addresses of all its free bus pass recipients and he used it to junk-mail them with a political message to "vote labour"? Etc., etc., etc. If the purpose for the disclosure is incompatible with the primary purpose, it can also be in breach of the Second Principle. I'm not saying don't disclose, I'm saying be sure of your grounds for doing so. Ian Buckland MD Keep IT Legal Ltd %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%