 |
 |
Dave Maybe I've misinterpreted the interpretation part of Schedule 1 but it appears to me that if the data subject is not aware of the identity of the controller, the representative (if one is appointed), the purposes (i.e. junk mailing) and other info such as likely recipients, a breach of the First Principle has occurred - regardless of the issue of whether one of the conditions of Schedule 2 is met. My view is that we will have to separate the issues of "fair" and "lawful" when assessing whether a breach of the First Priciple has occurred or is likely to occur. Schedule 2 covers only the issue of lawfulness. In addition, Principle Six requires us to have regards to the rights of the individual when processing. Does this not include the right not to receive unsolicited junk mail? Ian Buckland Keep IT Legal Ltd >From the Act: PART II INTERPRETATION OF THE PRINCIPLES IN PART I The first principle1. - (1) In determining for the purposes of the first principle whether personal data are processed fairly, regard is to be had to the method by which they are obtained, including in particular whether any person from whom they are obtained is deceived or misled as to the purpose or purposes for which they are to be processed. (2) Subject to paragraph 2, for the purposes of the first principle data are to be treated as obtained fairly if they consist of information obtained from a person who- (a) is authorised by or under any enactment to supply it, or (b) is required to supply it by or under any enactment or by any convention or other instrument imposing an international obligation on the United Kingdom. 2. - (1) Subject to paragraph 3, for the purposes of the first principle personal data are not to be treated as processed fairly unless- (a) in the case of data obtained from the data subject, the data controller ensures so far as practicable that the data subject has, is provided with, or has made readily available to him, the information specified in sub-paragraph (3), and (b) in any other case, the data controller ensures so far as practicable that, before the relevant time or as soon as practicable after that time, the data subject has, is provided with, or has made readily available to him, the information specified in sub-paragraph (3). (2) In sub-paragraph (1)(b) "the relevant time" means- (a) the time when the data controller first processes the data, or (b) in a case where at that time disclosure to a third party within a reasonable period is envisaged- (i) if the data are in fact disclosed to such a person within that period, the time when the data are first disclosed, (ii) if within that period the data controller becomes, or ought to become, aware that the data are unlikely to be disclosed to such a person within that period, the time when the data controller does become, or ought to become, so aware, or (iii) in any other case, the end of that period. (3) The information referred to in sub-paragraph (1) is as follows, namely- (a) the identity of the data controller, (b) if he has nominated a representative for the purposes of this Act, the identity of that representative, (c) the purpose or purposes for which the data are intended to be processed, and (d) any further information which is necessary, having regard to the specific circumstances in which the data are or are to be processed, to enable processing in respect of the data subject to be fair. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%