Thanks Ian, that reminds me: Statutory Instrument 2000 No. 185 para 5(2)
says that you *must* record your reasons for believing that the
'disproportionate effort' rule applies if you are relying on this.
Paul Ticher
Information Management
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: <[log in to unmask]>
To: <[log in to unmask]>
Sent: 09 September 2001 10:28
Subject: Re: Notification to Data Subjects
> In a message dated 08/09/2001 13:07:46 GMT Daylight Time,
[log in to unmask]
> writes:
>
> << What I think this means is that where you get information from a third
> party
> you don't have to tell the Data Subject anything a) if they already know,
or
> should know (perhaps because the person giving you the data has told
them),
> or b) if it would involve you in disproportionate effort. Someone braver
> than me might like to take over from here. >>
> --------------
> In a nutshell, Paul has it right. The difficulty in many cases is
> establishing that you took "reasonable measures" to ensure the data
subject
> has the information required (the controller's identity, the identity of
the
> controller's DPA rep, the purposes, the recipients and other info as
> necessary).
>
> I don't believe you can rely upon the third party informing the subject if
> the information is derogatory or not beneficial to the individual, even if
> they say they have told them.
>
> Disproportionate effort defences will be scrutinised closely. You would
be
> well advised to document your reasons for believing it to involve a lot of
> effort to inform the people of the fact you have details of them. In some
> cases (mailing lists, etc) you will be informing them the first time you
send
> junk mail (sorry, important information) and you could include the
> controller's details and an opt-out / opt-in statement on that first
mailing.
> Remember to check the MPS/TPS/FPS before sending the initial mailings. I
> believe with regards to e-mails the person has to opt IN.
>
> If your defence is that you don't contact the individuals on your list but
> just use it occasionally to check identities or whatever, you could write
to
> the individual at that time (the relevant time) to say their details are
> being processed - and for what purpose, etc. Be careful not to dig a hole
> for yourself by suggesting you don't use the majority of the list (eg
> electoral register, purchased mailing list) because you might be in breach
of
> Principles 3, 4, 5 and/or 6.
>
>
> Ian Buckland
> MD
> Keep IT Legal Ltd
>
> Please Note: The information contained in this document does not replace
or
> negate the need for proper legal advice and/or representation. It is
> essential that you do not rely upon any advice given without contacting
your
> solicitor. If you need further explanation of any points raised please
> contact Keep I.T. Legal Ltd at the address below:
>
> 55 Curbar Curve
> Inkersall, Chesterfield
> Derbyshire S43 3HP
> (Reg 3822335)
> Tel: 01246 473999
> Fax: 01246 470742
> E-mail: [log in to unmask]
> Website: www.keepitlegal.co.uk
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
