Martin, I find it a concern that you hold the view that a subject access request is a "gift that keeps on giving". As a data controller, you accept the resposibility to supply a data subject with all personal data you have gathered on them at their request. If the procedures in your organisation mean there is high cost to retriving this information, then surely, there must be: 1). High cost gathering this information and/or 2). No purpose for retaining data that is costly for the business to obtain. It appears to me that certain members of the Data Protection community feel that it is up to them who can/cannot see their own data. Isn't it the case that a data protection managers role is simply to implement policy in line with current legislation and facilitate the release of data in accordance with this? "Perhaps the data controllers really are the masters now!!" Data controllers do not own the data they are responsible for. Please remember that. Carl >-- Original Message -- >Date: Fri, 12 Dec 2003 10:49:57 -0000 >Reply-To: Martin Hoskins <[log in to unmask]> >From: Martin Hoskins <[log in to unmask]> >Subject: Re: [data-protection] DURANT DECISION NARROWS SCOPE OF DATA PROTECTION >IN UK >To: [log in to unmask] > > >Having read the decision, I have to say its not often that the courts accept that data controllers have legitimate interests, that need to be balanced with those of private individuals. I have seen too many private individuals feel that the DPA enti >les them to impose very significant compliance burdens on data controllers, and the costs of compliance are occasionally wholly disproportionate to the grievance at hand. Without referring to this litigant personally, may I comment that its nice >hat the courts were able to see what financial effect a company has to incur when facing a barrage of requests from an individual who was unlikely to have been satisfied with whatever the data controller had tried to do to meet his demands. I'm sure >most of us have experienced this type of serial complainant. If nothing else, the judgment allows data controllers to adopt a more common sense approach to dealing with subject access requests. It may be that data controllers take a slightly wide > view of the decision when responding to requests, and provide information that is not just "personal data" within the definition of the courts. That might make good business sense. It allows data controllers to exercise a wider element of discretio > than they may have previously done. So, its no longer true to claim that a Subject Access Request is just " a gift that keeps on giving". Perhaps the data controllers really are the masters now!! Happy Friday Yours in the faith ....... > Martin Hoskins Data Protection Manager T-Mobile (UK) Ltd Hatfield Business Park Hatfield, Hertfordshire AL10 9BW +44 (0)7957 234585 +44 (0)1707 319056 fax -----Original Message----- From: Chris Spray [mailto:[log in to unmask]] Sent: 12 >December 2003 09:42 To: [log in to unmask] Subject: Re: DURANT DECISION NARROWS SCOPE OF DATA PROTECTION IN UK I think this is certainly the way the DPA has been "sold" to the public at large. Chris Charles Christacopoul >s <[log in to unmask]> on 11/12/2003 17:49:17 Please respond to Charles Christacopoulos <[log in to unmask]> To: [log in to unmask] cc: (bcc: Christopher Spray/Group Compliance/South East/RAC Motorin > Services) Subject: Re: [data-protection] DURANT DECISION NARROWS SCOPE OF DATA PROTECTION IN UK ** Reply to note from Ian Welton <[log in to unmask]> Thu, 11 Dec 2003 17:33:11 -0000 > From a first quick rea >ing of the decision, it has left me completely at a > loss as to the effectiveness of the directives statement:- "shall protect > the fundamental rights and freedoms of natural persons, and in particular > their right to privacy with respect to the >rocessing of personal data." as > it seems to redefine "informational privacy" by removing any protections > provided for personal data from many areas of organisational life. Whilst > agreeing that some interpretations have been very loose, and s >me contextual > focus is necessary, the judgement itself appears to provide a strict > contextual focus which could then be implemented in other, less appropriate > contexts. until the next judgment comes along :-) I get the feeling from oth >r responses that there is a general belief that DP was created in order to protect privacy and not in order to enable flows of infofrmation within a legal *and at the point of interpretation flexible* framework. I'll leave the rest for Friday. >Charles ============================================== Charles Christacopoulos, Management Information Officer, Planning & Information, University of Dundee, Dundee, DD1 4HN, Scotland, United Kingdom. Tel: 44(0)1382-344891. Fax: 44(0)1382-3 >8845. http://www.somis.dundee.ac.uk/ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jisc >ail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/comma >dref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ http://www.rac.co.uk http://www.racbusiness.co.uk http://www.bsm.co.uk Any opinions ex >ressed in this e-mail are those of the individual and not necessarily the company. This e-mail and any attachments are confidential to RAC and/or BSM and are solely for use by the intended recipient. If you are not the intended recipient yo > must not disclose, copy or distribute its contents to any other person nor use its contents in any way. If you have received this e-mail in error please forward a copy of this e-mail to "[log in to unmask]". RAC Motoring Services: Registered E >gland 1424399 VAT Reg No. GB 238640945 British School of Motoring: Registered England 291902 VAT Reg No. GB 239505847 Registered Office(s): 1 Forest Road, Feltham, TW 13 7RR This e-mail and any attachments has been scanned for the presence of c >mputer viruses. RAC/BSM accept no responsibility for computer viruses once this e-mail has been transmitted. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are av >ilable to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user >ommands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ NOTICE AND DISCLAIMER: This >email (including attachments) is confidential. If you have received this email in error please notify the sender immediately and delete this email from your system without copying or disseminating it or placing any reliance upon its contents. We c >nnot accept liability for any breaches of confidence arising through use of email. Any opinions expressed in this email (including attachments) are those of the author and do not necessarily reflect our opinions. We will not accept responsibility >or any commitments made by our employees outside the scope of our business. We do not warrant the accuracy or completeness of such information. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are >stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to jiscmail@ >iscmail.ac.uk All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^