In a message dated 31/05/2001 09:24:37 GMT Daylight Time, [log in to unmask] writes: << Now I'm confused I was of the opionion that if the images were clear enough that a person could be identitified then their image should be blurred etc to avoid a third party disclosure, the intention of the data subject being irrelevant, I can't find anything in section 7 of the Act that requires the data controller to obtain information as to the intention for requesting subject access. Is this the new case? has jon bamford been misquoted?? >> -------- Probably. There is nothing in the Act requiring the controller to ask why a data subject wants the data, and nothing requiring the data subject to tell them. If I were you, I'd stick to the "third party" rules as laid down, i.e seek consent unless it is not possible or necessary in the circumstances. It may be possible to leave the images in, even if the third party is a university employee who attacks a member of the public for submitting a subject access request. Ian Buckland MD Keep IT Legal Ltd Please Note: The information contained in this document does not replace or negate the need for proper legal advice and/or representation. It is essential that you do not rely upon any advice given without contacting your solicitor. If you need further explanation of any points raised please contact Keep I.T. Legal Ltd at the address below: 55 Curbar Curve Inkersall, Chesterfield Derbyshire S43 3HP (Reg 3822335) Tel: 01246 473999 Fax: 01246 470742 E-mail: [log in to unmask] Website: www.keepitlegal.co.uk ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^