For public authorities, you look at the FoIA guidance at http://www.informationcommissioner.gov.uk/eventual.aspx?id=77 On personal information and on confidence Note in particular the distinction between public lives and private lives. Public authorities are expected to be accountable for their actions. Mike > From: Duncan Smith <[log in to unmask]> > Reply-To: Duncan Smith <[log in to unmask]> > Date: Wed, 20 Oct 2004 15:13:23 +0100 > To: <[log in to unmask]> > Subject: Re: Consent > > ---------------------------------------------------------------- > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the material from any > computer. > > The information contained in this correspondence is not intended as legal > advice or counsel, and is not represented as such by the sender. iCompli > Ltd. makes no warranties or statements regarding the legal acceptability of > the information presented in this correspondence. Any actions performed as > a result of this information are of the recipient's own choosing. > ---------------------------------------------------------------------------- > ------------------- > > > > Chris, your comment ... > > "The promotions board are not third parties, they are clearly acting on > behalf of the data controller as either employees or agents, so the have no > way of hiding behind confidentiality" > > ... may not be correct. > > To my knowledge neither the common law of confidentiality nor the requisite > parts of the Data Protection Act 1998 are over-ruled by consideration of who > is, and is not, the data controller. > > If an individual puts in a SAR to a data controller, who in meeting their > legal obligations may disclose information about any third party i.e. not > the data subject, then great care should be taken to understand what consent > is in place to disclose, and what implications disclosure (or otherwise) > would have on both the requestor and the third party. > > So yes I could "hide behind confidentiality", and indeed may wish to do so > for very valid e.g. personal safety, reasons. Although I'm not suggesting > that is the case in the scenario Gwenan put forward. > > > Regards, > > Duncan S Smith > Managing Director > iCompli Limited Northampton UK > T: 08707 70 48 66 F: 08707 70 48 69 M: 07775 56 81 80 > Mailto:[log in to unmask] Web: www.icompli.co.uk > "Compliance in your language" > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > All archives of messages are stored permanently and are > available to the world wide web community at large at > http://www.jiscmail.ac.uk/lists/data-protection.html > If you wish to leave this list please send the command > leave data-protection to [log in to unmask] > All user commands can be found at : - > http://www.jiscmail.ac.uk/help/commandref.htm > (all commands go to [log in to unmask] not the list please) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^