Thanks everyone for your input on this. A few different interpretations! I
didn't get from reading the exemption that it only applied to the Data
Controller wishing to do research but perhaps this is my mis-
interpretation? My view was that further processing as per S33 (2)could
mean further disclosing as per the definition of processing within the
Act. That same paragraph seems to suggest that disclosing the data for the
purposes of research would not be incompatible with the reasons why the
data was first obtained. My view was that having sought guarantees as to
the purpose of the research, ensuring that the relevant conditions were
met (i.e the researcher was not going to make decisions that would affect
the individual or cause damage or distress and that the personal data
would be destroyed if the person did not wish to take part) that we could
provide the details.
We seek such guarantees when it comes to the disclosing to the police
under S29 for example. Similar to other exemptions I thought that
disclosure was discretionary and the exemption seems to suggest that as
long as the relevant conditions are met it would not be unfair.
In one example the Welsh Assembly has approached us for details of
students studying for a PGCE so that they could be approached regarding
the impact of the bursary scheme, whether they considered it to be
effective, the improvements that could be made etc. Most of the research
proposals we get is along these lines. I did not think that it would be
beyond the expectations of the data subject to be approached to comment on
a scheme that they are involved in. Whether this is from us or the
researcher themselves they still have the choice to say no. I suppose its
the choice of whether their details are passed on that is the issue.
However saying all this I do recognise that principle 1 cannot be ignored.
We dont currently let students know that their details may be passed on
for the purpose of research (which I'm hoping to change) and it was this
niggling doubt that prompted my e-mail in the first place! I was
reasonably happy that Schedule 2 6 (1) could be relied upon but recognise
that consent is perhaps the "safest" option. Once the fair processing
notice element is in order I assume that the bases are covered and so long
as there is no registered objections we can use our discretion as to
whether the research is reasonable when deciding when to pass on details?
Apologies for the long e-mail, Im new to the HE sector and have not had
much experience in using this exemption which is why I thought it best to
seek advice!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
