In a message dated 01/02/2001 14:51:19 GMT Standard Time, [log in to unmask] writes in response to [log in to unmask]: << Where a clear duty of confidence arises, disclosure of information without third party consent is unlikely to be reasonable. Only my view, though I'm sure I've read it somewhere....! >> ------------------------------- Ian B writes in response: << 1) A duty of confidence does not automatically arise just because a person > writes "confidential" on the letter; and (perhaps more importantly) > > 2) I don't believe a member of staff can be classed as a "third party" - I > think it has to be someone who is not the data subject and not the controller > (or someone acting on their behalf). >> > ------------------ I agree with point 1) above but in relation to point 2).... Section 7 (4) of the Act simply refers to "another individual who can be identified from that information" which surely includes members of staff acting on behalf of the data controller. I've been looking into this from the perspective of info. possibly retained in client files by university counselling services. This may include data received from tutors (staff), parents, GP, etc. and I can't see why they could, or should, be differentiated between, as all appear to be potential "other individuals who can be identified from that information" (trying to avoid any misinterpretation of the term 'third party') . Mark Mukerji Mark Mukerji (Dr.) Student Registry C47 University House Lancaster University Lancaster LA1 4YW 01524 592086