Observations on advice given. Wonder how 'organisation' is defined in relation to a 'Group of companies' where their customers see the organisation as one brand? ie Barclays? If the definition of an 'organisation' is a single legal entity or body I can see how the advice operates in relation to the Acts requirements. If however 'organisation' is defined as refering to multiple legal entities / bodies operating under one household brand then it would appear to support multi national groups operating under a single brand arguing disclosures across the different legal entities across its group do not have to be specifically declared other than at brand level. This appears to be a practice adopted in multi nationals when delivering fair obtaining notices to simply declare data will be disclosed across the group. Declaring the identity of the legal entities making up a group not commonly done whether correct or not. A Data Subject therefore doesn't really know who their data is being disclosed to thereby frustrating any potential future audit of identifying resonsibility for disclosures. David Wyatt ----- Original Message ----- From: "Gerry Dane" <[log in to unmask]> To: <[log in to unmask]> Sent: Tuesday, October 26, 2004 4:06 PM Subject: [data-protection] FW: [data-protection] Ill judged comments Dear All, Thanks for responses. I've received further clarification from the OIC in respect of Part II 7 (1)(c)(ii) - Apparently it is to be read as: If the personal data comes from outside of the organisation then we need to disclose the source (if we know it), if the personal data is internal to the organisation then we do not have to disclose the source other than at organisation level (ie in this case, the source is the University, no further drill-down is required???). Gerry. -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Gerry Dane Sent: 26 October 2004 11:49 To: [log in to unmask] Subject: [data-protection] Ill judged comments Dear all, An SAR is received and, in the servicing of it, a number of emails are uncovered that contain text far from complimentary to the data subject. The author of the messages argues that although the data subject figures in the message s/he was clearly not the intended recipient of the message - and on that basis argues for non-disclosure. (this of course is rejected) However, how much of the email needs to be disclosed - it has been suggested (by the OIC) that it is acceptable to supply only the text of a message - not the metadata. This seems to me to contradict Part II 7 (1) (c) (ii) but I'd be interested in hearing what anyone else thinks. It would certainly ease the job to be able to respond to third party concerns by telling them that we are merely copying and pasting the contents of a message. And then simply say to the data subject that it originated with the Uni and that's the bottom line detail they're getting in respect of 'source of those data' Gerry. Mr.G.Dane University of Newcastle Newcastle upon Tyne NE1 7RU Email: [log in to unmask] ------------------------------------------- The views expressed in this message are those of the sender and not necessarily those of the University. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^