I think this is clearer than everyone seems to be making it.
If a data subject submits a valid SAR disclosures must be made. No data
that can identify any data subject other than the one submitting the SAR may
be released to the requestor.
It is not relevant whether the data subject is/is not a current or non or ex
employee, nor whether the relevant data is on computer or on paper. The
only thing that matters is that it is indexed in a structured manner (or
retrievable in that way) in accordance with the definitions of the act. It
could be argued that a shared surname could be such a structured index
method.
_____________________________________________________________
Tim Trent
Chief Privacy Officer EMEA
Gartner
EMEA Marketing, Tamesis, The Glanty, Egham, Surrey, United Kingdom,
TW20 9AW
Switchboard +44 (0)1784 431 611, Direct Line +44 (0)1784 267 335, Mobile +44
(0)7710 126 618, Fax +44 (0)1784 268 932
http://www.gartner.com
[log in to unmask]
The opinions expressed in this message are my own, and may or may not
reflect those of my employer. They are expressed as a part of the
discussion on the JISCMail mailing list on data protection and for no other
purpose. They have no legal standing and are offered as part of informed
and informal discussion. They may NOT be attributed to Gartner in any way.
Any personal data provided is provided expressly for use of discussions on
the JISCMail Data Protection Discussion list. Under the UK Data Protection
Act 1998 I expressly forbid any individual or organisation to make
commercial use of my data published either on the email list or in the
archives of that or other lists whether this message appears or not. This
includes messages already published in the archives.
-----Original Message-----
From: Kirsty Gray [mailto:[log in to unmask]]
Sent: 13 September 2002 14:09
To: [log in to unmask]
Subject: Re: Internal Investigation
Brenda, I don't understand - if he's not an employee then presumably you
won't have information about him in 'structured' manual files so he doesn't
have SAR rights related to his personal data in his wife's (or anyone
else's) personnel file until 2005.
Or is it that all the information is on computer and easy to search / find?
If so, do you HAVE to disclose? Guess that depends on what information is
held, how obtained and from whom. What are the grounds that HR are using for
non-disclosure? That the information held about him was provided in
confidence by a third party?
But even then you'd have to balance common law duty of confidentiality to
that third party against his right to (a) have access to the data and (b)
prevent further processing and (c) have it corrected, if incorrect, or
details of his version of events appended etc.
If his wife / your employee made the SAR - theoretically you'd need his
consent to disclose the bits about him to her or else delete as 3rd party!
Seems like a real can of worms, good luck! Kirsty.
Kirsty E Gray
Information Rights Officer
Gateshead Council
Tel. No: (0191) 433 2170
Fax. No: (0191) 478 2755
mailto:[log in to unmask]
http://www.gateshead.gov.uk
(Note - views expressed are those of the sender, are provided for
discussion and debate and do not necessarily reflect the council's
corporate position.)
-----Original Message-----
From: Brenda Scourfield [mailto:[log in to unmask]]
Sent: 13 September 2002 10:29
To: [log in to unmask]
Subject: Internal Investigation
We have received an SAR from the husband of an employee who is currently
the subject of an harrasment investigation. He (not an employee) has been
complained about having got involved in obstructing the person accused of
harrassment.
Apparently, he has been named in various documents, minutes of interviews
etc. Personnel are claiming that they do not need to disclose.
This afternoon, copies of all documents are being supplied to his wife (3rd
parties deleted).
Question - do we have to disclose, obviously deleting 3rd party references
if their permission to disclose has not been given ?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Important Information
This e-mail constitutes a confidential communication
and is subject to legal privilege. If you have received
this e-mail in error, please notify us immediately. You
should not use or copy it for any purpose, nor disclose
it to any other person.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
