Thanks everyone for your input on this. A few different interpretations! I didn't get from reading the exemption that it only applied to the Data Controller wishing to do research but perhaps this is my mis- interpretation? My view was that further processing as per S33 (2)could mean further disclosing as per the definition of processing within the Act. That same paragraph seems to suggest that disclosing the data for the purposes of research would not be incompatible with the reasons why the data was first obtained. My view was that having sought guarantees as to the purpose of the research, ensuring that the relevant conditions were met (i.e the researcher was not going to make decisions that would affect the individual or cause damage or distress and that the personal data would be destroyed if the person did not wish to take part) that we could provide the details. We seek such guarantees when it comes to the disclosing to the police under S29 for example. Similar to other exemptions I thought that disclosure was discretionary and the exemption seems to suggest that as long as the relevant conditions are met it would not be unfair. In one example the Welsh Assembly has approached us for details of students studying for a PGCE so that they could be approached regarding the impact of the bursary scheme, whether they considered it to be effective, the improvements that could be made etc. Most of the research proposals we get is along these lines. I did not think that it would be beyond the expectations of the data subject to be approached to comment on a scheme that they are involved in. Whether this is from us or the researcher themselves they still have the choice to say no. I suppose its the choice of whether their details are passed on that is the issue. However saying all this I do recognise that principle 1 cannot be ignored. We dont currently let students know that their details may be passed on for the purpose of research (which I'm hoping to change) and it was this niggling doubt that prompted my e-mail in the first place! I was reasonably happy that Schedule 2 6 (1) could be relied upon but recognise that consent is perhaps the "safest" option. Once the fair processing notice element is in order I assume that the bases are covered and so long as there is no registered objections we can use our discretion as to whether the research is reasonable when deciding when to pass on details? Apologies for the long e-mail, Im new to the HE sector and have not had much experience in using this exemption which is why I thought it best to seek advice! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^