Another issue arising from Durant:
Does this mean that all 'personal data' not falling within the narrow
Durant definition of 'related to' the data subject is technically NOT
protected by the FOI exemption S40(3), because it is no longer included
within the scope of the Data Protection Act?
Does this mean that a public body would have no legal grounds for
refusing to release this kind of data to any third party?
Kind regards
Lynne Skipsey
Information Manager
Registry - Corporate Services
NHSU
Tel 07775 508113
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 16 September 2004 15:30
To: [log in to unmask]
Subject: Re: [data-protection] Police Requests
Ian Mansbach on 16 September 2004 at 12:39 said:-
> One needs to decide if the information is personal data and
> apply Durant
> earlier in the process. I suggest the following
> (over-simplified) approach:
The process you describe is correct for * compiling * the SAR response.
I was speaking of the material forming the response, some of which could
be removed from the new definitions of personal data by the re-dacting
process.
As with all data holdings a dependency then arises relating to the
filing system used to store the SAR response data. If that system does
not fall within the amended DPA definitions, and some of the redacted
data does not meet the amended definitions, how could it be determined
to be personal data?
A similar issue would arise with a letter extracted from a personnel
file and subsequently stored in a way which does not fall within the
amended DPA personal data criteria. Ergo it is not personal data.
And that is before you begin to even look at the s.29 responses relating
to material which does not itself immediately identify the data subject.
(Even prior to considering the amended personal data definitions.)
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Ian Mansbach
> Sent: 16 September 2004 12:39
> To: [log in to unmask]
> Subject: Re: Police Requests
>
>
> Quite right and exactly why I said "may ... be personal data".
>
> > Those parts of any exemption or SAR response which contain personal
> > data relating to the data subject after redaction, and
> which then fall
> > within the personal data definition as amended by Durant would be
> > subject to the DPA.
>
> One needs to decide if the information is personal data and
> apply Durant
> earlier in the process. I suggest the following
> (over-simplified) approach:
>
> 1. Is it data (on computer, accessible public record, in a
> structured filing
> system taking into account Durant interpretation of structured filing
> system)?
>
> 2. If yes, is it personal data (relating to a living
> individual taking into
> account Durant interpretation of "relating to"?
>
> Then, and only then, treat the information as personal data
> and apply the
> provisions of the DPA (exemptions, redaction etc etc)
>
> Ian Mansbach
> Mansbachs
> Data Protection Practitioners
> [log in to unmask]
> phone: 0871 716 5060
>
> Ian
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 16 September 2004 12:00
> To: [log in to unmask]
> Subject: Re: [data-protection] Police Requests
>
>
> Ian Mansbach on 16 September 2004 at 11:13 said:-
>
> > Oops, my previous post was badly written!
> >
> > It is the record of the request for disclosure that might "be kept
> > forever, disclosed to anyone, transferred outside the EEA etc etc"
> > not the information requested which may well be personal data and
> > protected by the
> > DPA.
>
> Not necessarily.
>
> Those parts of any exemption or SAR response which contain
> personal data
> relating to the data subject after redaction, and which then
> fall within the
> personal data definition as amended by Durant would be
> subject to the DPA.
>
> Dependent upon the filing system thought appropriate by the responding
> organisation that could be all, part, or none of the response.
>
> I have certainly dealt with responses in the past when, after
> redaction, and
> taken out of context, some of the data would certainly no
> longer be personal
> data.
>
> Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*** This Message has been scanned for viruses by the NHSU WebShield
Virus Scanner, but is not guaranteed free from viruses ***
*** This e-mail and any attachments are confidential and are intended only for the addressee(s). If you are not an intended recipient of this e-mail and have received it in error, please notify the sender immediately by reply e-mail and then delete it from your system.
This e-mail has been scanned for viruses by the NHSU WebShield Virus Scanner, but is not guaranteed free from viruses ***
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
