KIT said "In terms of subject access requests, perhaps even the data subject will supply information that helps you identify the individual." For info (for those who have not had time to digest it yet!) The OIC CoP states that: <<Data subjects may have to provide: 1. Dates and times of when they visited the premises of the user of the equipment, and, 2. A photograph of the individual may be requested in order to locate the correct image - if the individual making the request is unknown to the user of the equipment. Data Subjects can also be asked whether they would be satisfied with merely viewing the images recorded.>> This info, included on CCTV SAR forms hopefully will make life "easier". Peter Peter Wilson Data Protection Officer University of Paisley >>> <[log in to unmask]> 10/10/01 10:14pm >>> In a message dated 10/10/2001 08:13:34 GMT Daylight Time, [log in to unmask] writes: << What is challenging my own mind at the moment is "Is a CCTV image 'data capable of identifying an individual' as described by the DP Act, or must something be combined with the image before the image and recording and storage of that image is subject to this act?" >> ---------- The argument put forward by the OIC in the early days (perhaps before they were called the OIC) was that because personal data was that where a person could be identified from that - or from that and other info in the possession of the controller - or from that and info likely to come into the possession of the controller - and that it was likely that your control room operator knew the individual (perhaps they know shoplifters from previous incidents) or you would want to find out the identity of the subject who was committing some sort of offence (perhaps from the police) - it would be classed as personal data. In terms of subject access requests, perhaps even the data subject will supply information that helps you identify the individual. So for those who were thinking they had wasted loads of time - rest easy, it was time well spent. Ian Buckland MD Keep IT Legal Ltd Please Note: The information contained in this document does not replace or negate the need for proper legal advice and/or representation. It is essential that you do not rely upon any advice given without contacting your solicitor. If you need further explanation of any points raised please contact Keep I.T. Legal Ltd at the address below: 55 Curbar Curve Inkersall, Chesterfield Derbyshire S43 3HP (Reg 3822335) Tel: 01246 473999 Fax: 01246 470742 E-mail: [log in to unmask] Website: www.keepitlegal.co.uk ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Legal disclaimer -------------------------- The information transmitted is the property of the University of Paisley and is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, dissemination and other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer. -------------------------- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^