JISCMail - DATA-PROTECTION Archives

Paul Ticher on 07 March 2003 at 09:16 made the point:-

> ....does the whole file constitute personal data
> regardless, once it
> has been linked to the individual, or do you have to examine
> each document
> within it to see whether that particular document is personal data?....

> However, are
> you *obliged* to provide it, just because it's in their file?

This raises the question of why it (the generic data) was included within
the file to start with?

It would seem strange if an organisation as standard practice included a
generic circulation, distributed widely to employees, within each employees
file.  The doubling in resource costs alone would probably raise concerns;
On the other hand something may accidentally have been place in a file;
Or as a practice within an organisation, a copy of any relevant generic
discipline regulation could be included within the file of every employee
who was subject to any sort of discipline investigation.  That material
would be generic, but it could equally have significant implications for an
individual.

If material contained in a file linked to a data subject is not produced
some scope for argument between the data controller and the data subject is
created.  If all the data is produced, the scope for argument is reduced.
Much along the lines of Dave Wyatts' comments.  What reason could there be
not to produce generic material?

It seems so to me.   If material is in a personnel file, it should be
produced, to protect both the data controller and the data subject.

Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Paul Ticher
> Sent: 07 March 2003 09:16
> To: [log in to unmask]
> Subject: Re: Info to disclose under an SAR
>
>
> I follow David's argument, and have no disagreement with it,
> but I thought
> Antoinette's query also raised a different issue: When you make a SAR
> disclosure, does the whole file constitute personal data
> regardless, once it
> has been linked to the individual, or do you have to examine
> each document
> within it to see whether that particular document is personal data?
>
> Without knowing the specific case, I can't see much problem
> with releasing
> to the Data Subject some general information about the
> pension scheme which,
> presumably, they would have had a copy of at some time
> anyway.  However, are
> you *obliged* to provide it, just because it's in their file?
>
> I don't know the answer, but I would be very interested if
> anyone does.
>
> Paul Ticher
> Information Management
> 0116 273 8191
> 22 Stoughton Drive North, Leicester LE5 5UB
>
> I hereby require any recipient of this message not to use my
> personal data
> for direct marketing purposes.
>
> ----- Original Message -----
> From: davidwyatt <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: 07 March 2003 10:58
> Subject: Re: Info to disclose under an SAR
>
>
[snip]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^