JISCMail - DATA-PROTECTION Archives

Observations on advice given.

Wonder how 'organisation' is defined in relation to a 'Group of companies'
where their customers see the organisation as one brand? ie Barclays?

If the definition of an 'organisation' is a single legal entity or body I
can see how the advice operates in relation to the Acts requirements. If
however 'organisation'  is defined as refering to multiple legal entities /
bodies operating under one household brand then it would appear to support
multi national groups operating under a single brand arguing disclosures
across the different legal entities across its group do not have to be
specifically declared other than at brand level.  This appears to be a
practice adopted in multi nationals when delivering fair obtaining notices
to simply declare data will be disclosed across the group. Declaring the
identity of the legal entities making up a group not commonly done whether
correct or not. A Data Subject therefore doesn't really know who their data
is being disclosed to thereby frustrating any potential future audit of
identifying resonsibility for disclosures.

David Wyatt


----- Original Message -----
From: "Gerry Dane" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, October 26, 2004 4:06 PM
Subject: [data-protection] FW: [data-protection] Ill judged comments


Dear All,

Thanks for responses. I've received further clarification from the OIC
in respect of Part II 7 (1)(c)(ii) - Apparently it is to be read as: If
the personal data comes from outside of the organisation then we need to
disclose the source (if we know it), if the personal data is internal to
the organisation then we do not have to disclose the source other than
at organisation level (ie in this case, the source is the University, no
further drill-down is required???).

Gerry.



-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Gerry Dane
Sent: 26 October 2004 11:49
To: [log in to unmask]
Subject: [data-protection] Ill judged comments


Dear all,

An SAR is received and, in the servicing of it, a number of emails are
uncovered that contain text far from complimentary to the data subject.

The author of the messages argues that although the data subject figures
in the message s/he was clearly not the intended recipient of the
message - and on that basis argues for non-disclosure. (this of course
is rejected)

However, how much of the email needs to be disclosed - it has been
suggested (by the OIC) that it is acceptable to supply only the text of
a message - not the metadata. This seems to me to contradict Part II 7
(1) (c) (ii) but I'd be interested in hearing what anyone else thinks.

It would certainly ease the job to be able to respond to third party
concerns by telling them that we are merely copying and pasting the
contents of a message. And then simply say to the data subject that it
originated with the Uni and that's the bottom line detail they're
getting in respect of 'source of those data'

Gerry.

Mr.G.Dane
University of Newcastle
Newcastle upon Tyne
NE1 7RU
Email: [log in to unmask]
-------------------------------------------
The views expressed in this message are those of the
sender and not necessarily those of the University.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^