We anal retentives rule!
Actually I remain within the DPA. I need authority to release any data on
this matter to any party that could not prove a legitimate interest in it.
I am now a private investigator. I want to know where you were yesterday.
I fake a letter as your fake employer trying to get extra information for
some purpose about you.
Nope. I am staying anal. No proof = no answer.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Lewis, Chris G.
Sent: 10 June 2005 14:48
To: [log in to unmask]
Subject: Re: [data-protection] Disclosure or not?
Except I think that your anality (if that ios a word) has gone beyond the
confines fo the DPA at this point - saying "that letter is fake because we
did not send it" has absolutely nothing to do with the individual's personal
data, so no DPA issues arise. And, indeed, the clinic has a sufficient
interest in this anyway as someone is forging its letters.
-----Original Message-----
From: This list is for those interested in Data Protection issues on
behalf of Tim Trent
Sent: Fri 10/06/2005 14:32
To: [log in to unmask]
Cc:
Subject: Re: [data-protection] Disclosure or not?
Except, we do not know they are in any way entitled to even that
information. Who are they? Are they his employer? Make them prove
their
right to know anything about anything to do with this person.
I do realise I am being very anal about this. It's just that one
has to be
anal about it.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Antoinette
Carter
Sent: 10 June 2005 14:29
To: [log in to unmask]
Subject: Re: [data-protection] [Maybe Spam] Re: [data-protection]
FW:
[data-protection] Disclosure or not?
Which is precisely why I would confirm only that the letter was not
sent by
you, and is clearly a fake. This divulges no personal data,
therefore no
breach, therefore no risk, therefore no problem!
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Tim Turner
Sent: 10 June 2005 14:16
To: [log in to unmask]
Subject: [Maybe Spam] Re: [data-protection] FW: [data-protection]
Disclosure
or not?
OK, I am probably playing Devil's Advocate. Feel free to switch off
now.
The fact that personal information has been transferred without
consent does
not automatically make the transfer unlawful. Consent is one
condition for
processing, and there are others. It's true that the receiving
organisation
may be "technically at risk" of breaching DP by confirming whether
the gent
attended the hospital or not. However, by providing evidence which
purports
to prove that a person was at a certain place, especially evidence
which
looks invalid, the person has opened the door for the employer to
make some
checks. The processing may be valid, and the benefit of assisting an
employer in catching an errant, potentially fraudulent employee
should not
be dismissed out of hand. I know that people will shout at me for
not
treating the DPA as sacred, and that if you kick one data subject,
we all
limp. However, as there is a debate about whether confirmation that
a person
wasn't in a place is personal data, and there may be conditions for
processing, who is to say whether the Information Commissioner
wouldn't
accept that the processing was fair?
Tim Turner
Data Protection / FOI Officer
Wigan Council
> ----------
> From: Tim Trent[SMTP:[log in to unmask]]
> Reply To: Tim Trent
> Sent: 10 June 2005 13:28
> To: [log in to unmask]
> Subject: Re: [data-protection] FW: [data-protection]
Disclosure
or
> not?
>
> I understand your desire to be helpful. It is a natural desire.
>
> The problem you face is that you have received this data
unlawfully
> (it was transferred to you without consent) and thus it is
unlawful
> for you to process it.
>
> Regardless of the rights and wrongs of the imbecile who presumably
> forged it, your organisation is technically at risk by replying
and
> indeed by doing anything other than destroying the letter and
making a
> professionally 100% non committal reply.
>
> Telling them about the consultant's clinic timetable, unless that
is
> public domain information, is also releasing personal data.
Remember
> the USA and the murderous anti-abortion lobby? "Yes Mr Smith
conducts
> terminations and is here every Thursday" Demise of Mr Smith.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of John Hughes
> Sent: 10 June 2005 13:23
> To: [log in to unmask]
> Subject: [data-protection] FW: [data-protection] Disclosure or
not?
>
> Just to clarify the situation further, the employer has in fact
sent
> me a copy of the appointment letter (I'm not going into the rights
or
> wrongs of his doing this) - I have received it and am responding
to
> his written request for clarification as to whether or not the
appointment took place.
> I
> have no consent from the patient and do not want to disclose any
of
> their personal data. However I want to be helpful, mainly because
the
> letter is quite clearly a fake (no letterhead, hospital address is
> wrong, plus a number of other incorrect details).
>
> Instead perhaps I should reply by simply stating that the
consultant
> in question does not hold clinics on Fridays ..... another
error!!!
>
>
>
>
> -----Original Message-----
> From: Hawley, Graeme [mailto:[log in to unmask]]
> Sent: 10 June 2005 13:01
> To: [log in to unmask]
> Subject: Re: [data-protection] Disclosure or not?
>
>
> I can put in a request about absolutely anything at all, even the
> colour of your underpants. The point is whether the authority
holds
> the information and then whether it should be disclosed or
withheld.
> But once a request is received by an authority, it must be dealt
with
> by that authority and not be batted back to the applicant with the
> recommendation that they ask someone else. So in this case, if
the
> employer asks the health board for information about the
attendance or
> lack of attendance by an employee at an appointment, the response
from
> the health board cannot be "we think you should be discussing this
> with your truant, not us". However, what the health board could
do,
> in Scotland anyway, is resort to section 18 of FOISA which states
> that:
>
> (1) Where, if information existed and was held by a Scottish
public
> authority, the authority could give a refusal notice under section
> 16(1) on the basis that the information was exempt information by
> virtue of any of sections 28 to 35, 39(1) or 41 but the authority
> considers that to reveal whether the information exists or is so
held
> would be contrary to the public interest, it may (whether or not
the
> information does exist and is held by
> it) give the applicant a refusal notice by virtue of this section.
>
> Freedom of information is fun!!
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Tim Trent
> Sent: 10 June 2005 12:42
> To: [log in to unmask]
> Subject: Re: [data-protection] Disclosure or not?
>
>
> Wait! Do you mean YOU can put in an FOI request and see MY
hospital
> appointment records?
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Hawley,
Graeme
> Sent: 10 June 2005 12:40
> To: [log in to unmask]
> Subject: Re: [data-protection] Disclosure or not?
>
> I like Margarita and Jethro's responses, and agree that this would
be
> far more ideal. However, if a request for information is made to
a
> public authority, then the FOIA / FOI(S)A requires them to provide
a
> response relating to the information that they hold about that
> particular issue, and does not permit the authority to tell the
> applicant to go ask elsewhere instead (even though I do think that
> that would be a better course of action).
>
> Graeme Hawley
> National Library of Scotland
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of Jethro R Binks
> Sent: 10 June 2005 12:35
> To: [log in to unmask]
> Subject: Re: [data-protection] Disclosure or not?
>
>
> On Fri, 10 Jun 2005, Tim Trent wrote:
>
> > And that gives us the problem. Each argument holds water. And
> > since each argument holds water there are grounds for a dispute.
If
> > the dispute is settled in favour of the employee it is likely to
be
> > a disclosure that has caused damage or distress.
> >
> > I am considering it to be very specific personal data. It gives
> > details to the employer that the employee was allegedly not at
an
> > appointment with that place in that date. By giving them this
data
> > about their employee, despite the valid point that it is an
"absence
> > of data", they now have additional data about that employee.
>
> It seems to me the solution is rather simpler (or perhaps it's me
who
> is simple :).
>
> Why is the employer going behind their employees back on the
matter?
> Surely they should be discussing this with their employee, and
asking
> them to furnish proof if they suspect misbehaviour (while being
> cogniscent of their employee's right to privacy)? Such proof
might
> take the form of a letter from the health authority that the
employee
> himself asks to be written on his behalf - suitably anonymised
from
> features that may identify a particular department or service
attended
> (so not from the GUM clinic specifically, for example). The
letter
> can be checked by employee and handed to his employer; the
employer
> can then contact the health authority to check the validity of the
> letter if necessary.
>
> This is perhaps a means of implementing your suggestion:
>
> > The best answer is surely "We require proof that you have the
right
> > to any information at all about this person and that they permit
you
> > to have that information before we will give you any information
at
all.
> > You may not interpret this answer as giving you any information
of
> > any description about that person"
>
> Jethro.
>
>
> > We are not interest here in any alleged deception by the
employee.
> > We should only be interested in protecting their rights. Even
> > murderers have rights.
> >
> > _____
> >
> > From: Lewis, Chris G. [mailto:[log in to unmask]]
> > Sent: 10 June 2005 12:18
> > To: Tim Trent; [log in to unmask]
> > Subject: RE: [data-protection] Disclosure or not?
> >
> >
> > I disagree. I think were one to say, as suggested "no-one of
that
> > name had an appointment", you are not disclosing anything about
any
> > individual in isolation - "no-one called John Smith was here". I
> > can't see that a John Smith could complain that that was an
> > unauthorised disclsoure of their personal data. Firstly, I don't
> > think it's personal data, and secondly, it would equally be
known to
> > a member of the public who sat in reception all day as it was to
the
hospital.
> >
> > -----Original Message-----
> > From: This list is for those interested in Data Protection
issues on
> > behalf of Tim Trent
> > Sent: Fri 10/06/2005 12:14
> > To: [log in to unmask]
> > Cc:
> > Subject: Re: [data-protection] Disclosure or not?
> >
> >
> >
> > I would suggest that disclosing where "someone was not" is a
> > disclosure of
>
> > personal data, and in this case to a third party without
authorisation.
> >
> > What if this person were attending the GUM clinic for an HIV
test
> > and has absolutely NO desire for his employer (or alleged
employer)
to know?
> >
> > They have now also passed data to you, an unauthorised third
party,
> > of
> their
> >
> > suspicions of their employee.
> >
> > My advice?
> >
> > Avoid. Do not answer without permission form the data subject.
> >
> > -----Original Message-----
> > From: This list is for those interested in Data Protection
issues
> > [mailto:[log in to unmask]] On Behalf Of John Hughes
> > Sent: 10 June 2005 12:09
> > To: [log in to unmask]
> > Subject: [data-protection] Disclosure or not?
> >
> > A question for you:
> >
> > I have been contacted by a company asking whether or not one of
> > their employees had an appointment with us one recent Friday
> > afternoon. They suspect that they have been handed a faked
> > appointment letter by the employee as proof.
> >
> > If I replied by simply stating "no one of that name had an
> > appointment
> here
> > on that date", would I be on safe ground? My rationale is that
I am
> > disclosing nothing as nothing actually took place.
> >
> > John Hughes
> > DPO
> > Mayday Healthcare NHS Trust
> >
> >
> >
>
======================================================================
> ====
> =
> > This e-mail and any files transmitted with it are confidential.
If
> > you
> are
>
> > not the intended recipient, any reading, printing, storage,
> > disclosure
> to
> > another person, copying or any other action taken in respect of
this
> e-mail
> > is prohibited and may be unlawful. If you are not the intended
> recipient,
> > please notify the sender immediately by using the reply function
and
> then
> > permanently delete the email from your inbox.
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> > Any queries about sending or receiving message please send to
the
> > list
> owner
> >
> > [log in to unmask]
> > (all commands go to [log in to unmask] not the list
please)
> >
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> > Any queries about sending or receiving message please send to
the
> > list
> owner
> >
> > [log in to unmask]
> > (all commands go to [log in to unmask] not the list
please)
> >
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > All archives of messages are stored permanently and are
> > available to the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > http://www.jiscmail.ac.uk/help/commandref.htm
> > Any queries about sending or receiving message please send to
the
> > list
> owner
> > [log in to unmask]
> > (all commands go to [log in to unmask] not the list
please)
> >
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. .
. .
> .
> Jethro R Binks
> Computing Officer, IT Services
> University Of Strathclyde, Glasgow, UK
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the
list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
**********************************************************************
> ** Visit the National Library of Scotland online at www.nls.uk
>
**********************************************************************
> ** This communication is intended for the addressee(s) only. If
you
> are not the intended recipient, please notify the ICT Helpdesk on
> +44 131 623 3789 or [log in to unmask] and delete this e-mail. The
> statements and opinions expressed in this message are those of the
> author and do not necessarily reflect those of the National
Library of
> Scotland. This message is subject to the Data Protection Act 1998
and
> Freedom of Information (Scotland) Act 2002 and has been scanned by
> MessageLabs.
>
**********************************************************************
> **
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the
list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the
list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
**********************************************************************
> ** Visit the National Library of Scotland online at www.nls.uk
>
**********************************************************************
> ** This communication is intended for the addressee(s) only. If
you
> are not the intended recipient, please notify the ICT Helpdesk on
> +44 131 623 3789 or [log in to unmask] and delete this e-mail. The
> statements and opinions expressed in this message are those of the
> author and do not necessarily reflect those of the National
Library of
> Scotland. This message is subject to the Data Protection Act 1998
and
> Freedom of Information (Scotland) Act 2002 and has been scanned by
> MessageLabs.
>
**********************************************************************
> **
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the
list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
======================================================================
> ====
> =
> This e-mail and any files transmitted with it are confidential. If
you
> are not the intended recipient, any reading, printing, storage,
> disclosure to another person, copying or any other action taken in
> respect of this e-mail is prohibited and may be unlawful. If you
are
> not the intended recipient, please notify the sender immediately
by
> using the reply function and then permanently delete the email
from
> your inbox.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the
list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the
list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the
list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the
list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the
list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
