My apologies, regarding my message below. I don't mean 3(b) in the first paragraph, I meant 3(a)(ii) - sorry.

-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 19 May 2009 14:26
To: [log in to unmask]
Subject: Re: [data-protection] confidential information and internal data re-use

Firstly, why can't you use the vital interests? At least in so far as schedule 3 is concerned 3(b) "...protect the vital interests of another person". That covers sensitive information - would it cover "the commission or alleged commission of any offence"?

In so far as Schedule 2 is concerned I would say that the protection of other people falls within either para 3 and/or para 6.

I would suggest that you can therefore legitimately share this information so long as you are certain of the "facts".

If something is given confidentially then of course confidentiality should be maintained. However, if they are involved in illegal activity, then do you not have recourse to section 29?

As for which option is best. Much better to incur the "wrath" of one angry student, than the wrath of everyone if they end up doing serious harm to someone, or God forbid, going on the rampage with a gun (extreme example, but you get my drift).

This is just off the top of my head....

Simon Howarth.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Okey, Andrew
Sent: 19 May 2009 14:05
To: [log in to unmask]
Subject: [data-protection] confidential information and internal data re-use

Colleagues,

Your opinion would be welcome on the following scenario:

When students first register at Lancaster University they are given a Fair Processing notice that makes clear to them that data collected by any part of the university may be used in support of all the typical/routine functions of the university, including the management of academic programmes, the operation of disciplinary and welfare services etc. It is also made clear that information will be shared amongst staff when (but only when) there is an operational need.

Student X performs poorly in his chosen course, and asks to restart on a new course. In considering X's restart request the admissions office collates information on X's status, performance and personal history to date, including formal records of disciplinary action taken against X on one occasion.

In my role as DP office, I am then approached by X's original academic department, who indicate they have had several conversations with the student, which the student believed to be confidential, and which were conducted so that the department could better understand what was affecting X's academic performance. The information gleaned from those conversations suggests that X could potentially be (a) involved in some illegal activity and/or (b) that they might pose a threat to the wellbeing of other students he may come into contact with.

Do I advise the department to pass this information to the admissions operation?
The main argument against would be that of Fair Processing - the data (some of it possibly sensitive) was collected for one purpose, and is now to be used for a very different one, with the student not having been approached about this (and, because the data is probably at least partly sensitive, that means we need consent, which I doubt will be forthcoming).

The main argument in favour would be that we have a broader duty to protect other students, which means we have to use this data to inform our decision about restart. This course of action places more weight on our duty of care than on our observance of DP law - after all, X is not a threat to HIMSELF, so we can't use the "vital interests" argument.

Anyone want to comment on which of the two issues we'd be better off being sued for? Or is there a way out of this mess?

Thanks

Andrew Okey
Administrative Officer
Student Registry
Lancaster University
[log in to unmask]
01524-592138 (internal ext: 92138)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^