We are usually aware of the person - it's usually a member of staff or member of the public who bears a grudge and usually we have had previous correspondence. We like to comply rather than annoy the person. With Social Work and Education which are likely to be the most sensitive areas, we have an Open Access Policy (based on the DP Act 1998) and we encourage clients to come in and inspect files. The same would have applied to Housing if we still held housing stock but we don't. Doreen -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Zohra, Fatima Sent: 27 July 2006 14:18 To: [log in to unmask] Subject: Verifying Requests for Personal Data - What's Reasonable. Dear Listserv, As you are no doubt aware the Data Protection Act, specifically section 7(3), states that a Data Controller is not obliged to comply with a request under this section unless he is supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request.. At Westminster, our current procedure is to ask for original verification documents sent recorded delivery. Alternative arrangements for photocopying originals at our One Stop Services which are then witnessed by staff are also offered. Letters from Solicitors acting on behalf of clients are acceptable, although we reserve the right to confirm that this is in fact the case, i.e. a signed letter from the client must accompany the application, together with address details etc. Whilst every effort is made to accommodate individual circumstance, for example, where applicants are physically unable to attend a One Stop Shop. We reserve the right to maintain our verification standard. This is in keeping the Metropolitan Police's procedure and most other institutions, especially those in the private sector. I believe that these steps are reasonable, as my first duty is to protect individuals from unlawful disclosures. I also have a duty to the organisation, to ensure procedures are in place that don't result in unlawful discloses. Production of original documents is in my view not unreasonable - yet the OIC is questioning this, by stating it believes that photocopies are acceptable. Am I now to take it as given that when banks ask for original documents they are in fact imposing a unreasonable requirement? Where does this leave us in an age of identity fraud? I would be very interested to hear from the listserv what procedures/requirements they have for verifying identity for Subject Access Requests. I have done a short trawl around Government departments (including the OIC) and alarmingly they appear to have less stringent procedures than my own. Do you think we are going over the top on this issue - personally as a member of the public I would like to think that organisations were doing everything in their power to stop unlawful disclosures, especially in the light of recent events. Fatima Zohra Corporate Information Manager Information Services City of Westminster ************************************************************************ *********** Parking in Westminster is easier with our ParkRight guide. It explains how to park, where to park and includes a useful map of zone one. For your free copy call Parking Services on (020) 7823 4567 or visit www.westminster.gov.uk/parking/ ************************************************************************ *********** Westminster City Council switchboard: +44 20 7641 6000 www.westminster.gov.uk ************************************************************************ *********** This E-Mail may contain information which is privileged, confidential and protected from disclosure. If you are not the intended recipient of this E-mail or any part of it, please telephone Westminster City Council immediately on receipt. You should not disclose the contents to any other person or take copies. ************************************************************************ *********** ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ PLEASE NOTE: THE ABOVE MESSAGE WAS RECEIVED FROM THE INTERNET. On entering the GSI, this email was scanned for viruses by the Government Secure Intranet (GSi) virus scanning service supplied exclusively by Cable & Wireless in partnership with MessageLabs. In case of problems, please call your organisational IT Helpdesk. The MessageLabs Anti Virus Service is the first managed service to achieve the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK Government quality mark initiative for information security products and services. For more information about this please visit www.cctmark.gov.uk ******************************************************************** * This email is privileged, confidential and subject to copyright. * * Any unauthorised use or disclosure of its content is prohibited. * * The views expressed in this communication may not necessarily * * be the views held by Scottish Borders Council. * * Please be aware that any email sent or received by the Council * * may require to be disclosed by the Council under the provisions * * of the Freedom of Information (Scotland) Act 2002. * ******************************************************************** ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^