Dear all

 

I’m in the middle of handling a data protection request. The requester would like to see their occupational health file, among other things. I have asked occupational health to release the file to me. I always ask for information to come to me. It means I can ensure it goes out within the deadline and that the requester receives information in one wodge rather than in dribs and drabs from different areas of the organisation. I also check for references to third parties for redaction.

 

Occ Health have come back to me and said that they can’t release a file to me as I am a third party. In addition to the form the requester has filled out for my office they want him to fill out their form to authorise release of his data to a third party (i.e. me)

 

It’s never occurred to me before that I am a third party. I just think of myself as a conduit through which information flows.  Am I being naïve? Or are Occ Health being over zealous? In the year I’ve been in post I’ve not had a request for Occ Health files before, so it’s set me thinking.

 

As it happens I think the file size is such (it’s paper) that we’ll ask the requester to come in and look at it, but I’d still like to hear what people think.

 

Sara

 

 

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)