We are usually aware of the person - it's usually a member of staff or
member of the public who bears a grudge and usually we have had previous
correspondence. We like to comply rather than annoy the person. With
Social Work and Education which are likely to be the most sensitive
areas, we have an Open Access Policy (based on the DP Act 1998) and we
encourage clients to come in and inspect files. The same would have
applied to Housing if we still held housing stock but we don't.
Doreen
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Zohra, Fatima
Sent: 27 July 2006 14:18
To: [log in to unmask]
Subject: Verifying Requests for Personal Data - What's Reasonable.
Dear Listserv,
As you are no doubt aware the Data Protection Act, specifically section
7(3), states that a Data Controller is not obliged to comply with a
request under this section unless he is supplied with such information
as he may reasonably require in order to satisfy himself as to the
identity of the person making the request..
At Westminster, our current procedure is to ask for original
verification documents sent recorded delivery. Alternative arrangements
for photocopying originals at our One Stop Services which are then
witnessed by staff are also offered. Letters from Solicitors acting on
behalf of clients are acceptable, although we reserve the right to
confirm that this is in fact the case, i.e. a signed letter from the
client must accompany the application, together with address details
etc. Whilst every effort is made to accommodate individual circumstance,
for example, where applicants are physically unable to attend a One Stop
Shop. We reserve the right to maintain our verification standard. This
is in keeping the Metropolitan Police's procedure and most other
institutions, especially those in the private sector. I believe that
these steps are reasonable, as my first duty is to protect individuals
from unlawful disclosures. I also have a duty to the organisation, to
ensure procedures are in place that don't result in unlawful discloses.
Production of original documents is in my view not unreasonable - yet
the OIC is questioning this, by stating it believes that photocopies are
acceptable. Am I now to take it as given that when banks ask for
original documents they are in fact imposing a unreasonable requirement?
Where does this leave us in an age of identity fraud? I would be very
interested to hear from the listserv what procedures/requirements they
have for verifying identity for Subject Access Requests. I have done a
short trawl around Government departments (including the OIC) and
alarmingly they appear to have less stringent procedures than my own. Do
you think we are going over the top on this issue - personally as a
member of the public I would like to think that organisations were doing
everything in their power to stop unlawful disclosures, especially in
the light of recent events.
Fatima Zohra
Corporate Information Manager
Information Services
City of Westminster
************************************************************************
***********
Parking in Westminster is easier with our ParkRight guide. It explains
how to park, where to park and includes a useful map of zone one. For
your free copy call Parking Services on (020) 7823 4567 or visit
www.westminster.gov.uk/parking/
************************************************************************
***********
Westminster City Council switchboard: +44 20 7641 6000
www.westminster.gov.uk
************************************************************************
***********
This E-Mail may contain information which is privileged, confidential
and protected from disclosure.
If you are not the intended recipient of this E-mail or any part of it,
please telephone Westminster City Council immediately on receipt.
You should not disclose the contents to any other person or take copies.
************************************************************************
***********
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PLEASE NOTE: THE ABOVE MESSAGE WAS RECEIVED FROM THE INTERNET.
On entering the GSI, this email was scanned for viruses by the
Government Secure Intranet (GSi) virus scanning service supplied
exclusively by Cable & Wireless in partnership with MessageLabs.
In case of problems, please call your organisational IT Helpdesk.
The MessageLabs Anti Virus Service is the first managed service to
achieve the CSIA Claims Tested Mark (CCTM Certificate Number
2006/04/0007), the UK Government quality mark initiative for information
security products and services. For more information about this please
visit www.cctmark.gov.uk
********************************************************************
* This email is privileged, confidential and subject to copyright. *
* Any unauthorised use or disclosure of its content is prohibited. *
* The views expressed in this communication may not necessarily *
* be the views held by Scottish Borders Council. *
* Please be aware that any email sent or received by the Council *
* may require to be disclosed by the Council under the provisions *
* of the Freedom of Information (Scotland) Act 2002. *
********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
