JISCMail - DATA-PROTECTION Archives

Would it be generically accurate to state:-

Where a request (using any exemption) is for a specifically focused personal
data item there is some legitimacy for a post(s) at a relevant authority
level within an organisation, considering the various factors involved,
making a determination about action;

Where a request (using any exemption) is for a full database, or information
about a large group of persons, there is little legitimacy in disclosing
without a court order?

The reasons behind this simplified personal summarisation are the several
discussions within the mail base in the past, which generally seemed to have
come to the conclusion that where large collections of data are requested, a
court order is necessary.  Notwithstanding other legislation, which in
itself would need to be DPA/HRA compliant.

Of course it is down to each organisations policy decisions to determine how
to respond to exemption requests, but there does seem to me to have been an
increasing sense of consensus.  Does anybody disagree?


Ian W

> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of [log in to unmask]
> Sent: 07 March 2003 12:38
> To: [log in to unmask]
> Subject: Re: Another Police one...
>
>
> In a message dated 05/03/2003 11:19:57 GMT Standard Time,
> [log in to unmask] writes:
>
>
> > Police have requested details of all staff who start work
> between certain
> > hours in a specific town.  They wish to know name, address
> and DOB...this
> > is
> > in relation to a serious offence against a child.  They
> basically wish this
> > information to question if any employees saw anything.
> >
>
> ---------
> This sort of enquiry, not covered under s29 because that
> would have to be
> applied on a case-by-case basis, is almost certainly in need
> of a court
> order.
>
> Another way of dealing with it, assuming the police do not
> suspect any of the
> workers, is for the employer to contact each worker and
> inform them the
> police would like to talk to them as potential witnesses.
>
> If the police will not allow you to contact the staff, they
> obviously suspect
> one (or more) of them and they should either give you a s29
> certificate (or
> certificates) in respect of that (those) individual(s) or
> seek a court order
> to force a disclosure.
>
> If the police are not prepared to do that and insist on the
> full list, a
> court order is the most likely solution.
>
> An employer (public sector or otherwise) should not allow the
> police general
> access to their employment files - whether audit trailed or
> not - this would
> be very likely to breach both DPA and HRA.
>
> Ian B
>
>
> Ian Buckland
> Managing Director
> Keep IT Legal Ltd
>
> Please Note: The information given above does not replace or
> negate the need
> for proper legal advice and/or representation. It is
> essential that you do
> not rely upon any advice given without contacting your
> solicitor.  If you
> need further explanation of any points raised please contact
> Keep I.T. Legal
> Ltd at the address below:
>
> 55 Curbar Curve
> Inkersall, Chesterfield
> Derbyshire  S43 3HP
> (Reg 3822335)
> Tel: 01246 473999
> Fax: 01246 470742
> E-mail: [log in to unmask]
> Website: www.keepitlegal.co.uk
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>        All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>       If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
>             All user commands can be found at : -
>     www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
>   (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^