In a message dated 01/02/2001 14:51:19 GMT Standard Time,
[log in to unmask] writes in response to
[log in to unmask]:
<< Where a clear duty of confidence arises, disclosure of information
without
third party consent is unlikely to be reasonable. Only my view, though
I'm
sure I've read it somewhere....! >>
-------------------------------
Ian B writes in response:
<< 1) A duty of confidence does not automatically arise just because a
person
> writes "confidential" on the letter; and (perhaps more importantly)
>
> 2) I don't believe a member of staff can be classed as a "third party" - I
> think it has to be someone who is not the data subject and not the controller
> (or someone acting on their behalf). >>
>
------------------
I agree with point 1) above but in relation to point 2)....
Section 7 (4) of the Act simply refers to "another individual who can
be identified from that information" which surely includes members of staff
acting on behalf of the data controller. I've been looking into this from the
perspective of info. possibly retained in client files by university
counselling services. This may include data received from tutors (staff),
parents, GP, etc. and I can't see why they could, or should, be differentiated
between, as all appear to be potential "other individuals who can be identified
from that information" (trying to avoid any misinterpretation of the term
'third party') .
Mark Mukerji
Mark Mukerji (Dr.)
Student Registry
C47 University House
Lancaster University
Lancaster LA1 4YW
01524 592086
