JISCMail - DATA-PROTECTION Archives

Not unusual to get a complaint from a data subject about redaction of a 
document in response to their SAR - but anyone else had a complaint from 
the third party that provided the original document?

The personal data of the requestor was mainly comments / opinions of the 
third party, contained in a much larger report along with information about 
the third party himself (qualifications, professional experience, etc.) and 
about a small business & its directors and his opinions of them.

The third party is complaining that, disclosing to the data subject only 
her own PD in a redacted form we have provided biased and misleading 
information (she has not questioned the redaction).

He stated in writing back in 2002 that he did not object to the contents 
being shared with her. So didn't bother seeking consent in 2005 when SAR 
came in - reasonable in all the circumstances, etc. etc. etc. - but he 
feels we should have contacted him again.

He now wants us to 'resolve his complaint informally' though hasn't been 
specific about what that means (in addition to recently making his own SAR, 
and several FOIA requests).

Have told him repeatedly over past 6 months that we believe we acted in an 
appropriate, proportionate & lawful manner, in compliance with stautory 
obligations under s7 of DPA and taking account of IC's guidance on 'subject 
access & third parties'. Therefore there is nothing we can do to 'resolve' 
under corporate complaints procedure but that he can ask IC for advice or 
an assessment of whether we have breached DPA.

Anyone else had a similar experience? Any ideas for handling other than 
continuing to point him towards the IC?

Kirsty E Gray
Access to Information Advisor
Commission for Social Care Inspection

Note: comments for discussion and debate only and do not necessarily 
reflect the corporate position of CSCI nor constitute legal advice.




^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



       All archives of messages are stored permanently and are



      available to the world wide web community at large at



      http://www.jiscmail.ac.uk/lists/data-protection.html



      If you wish to leave this list please send the command



       leave data-protection to [log in to unmask]



            All user commands can be found at : -



        http://www.jiscmail.ac.uk/help/commandref.htm



Any queries about sending or receiving message please send to the list owner



              [log in to unmask]



  (all commands go to [log in to unmask] not the list please)



   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^