I think this discussion has been excellent ……….

Teresa Gudge

IT Security Specialist

01225 731774 Mobile 07826953268

KISS – Keep Information Safe and Secure

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 28 November 2013 15:54
To: [log in to unmask]
Subject: Re: [data-protection] Data Controller or Not

Warning: This message contains unverified links which may not be safe.  You should only click links if you are sure they are from a trusted source.

If you hold data for your own purposes you are a Data Controller. I imagine the police would have given you a report so that you could use it in some way. You are not just looking after it for the police (which is what would make you a Data Processor).

When you say 'applicant', Doreen, do you mean that you have received a Subject Access Request?

If so, then can you not apply the 'third party' rule in ss.7(4), (5) and (6) of the DPA? The police are the source of the data; they are a third party; they have asked you not to disclose; you do not have their consent and you have decided that it is not reasonable to disclose the information without consent; therefore you redact it.

Have I missed something?

Paul Ticher
0116 273 8191
www.paulticher.com
22 Stoughton Drive North, Leicester LE5 5UB

For continuous priority support on Data Protection, sign up to my support service:
www.paulticher.com/data-protection-services

----- Original Message -----

From: [log in to unmask]"> Broom, Doreen

To: [log in to unmask]"> [log in to unmask]

Sent: Thursday, November 28, 2013 2:21 PM

Subject: Data Controller or Not

Hi All

I am in correspondence with ICO. Anyway, they have phoned me up as we have refused to provide a full copy of a Police Report to an applicant. We telephoned the Police to ask if we could and they asked us to get the applicant to write to them and they would explain why they had redacted certain information as the individual had already written to them (SAR). We were sent a copy by the Police as they asked that a Social Worker be present at the interview with the Police and the individual.

ICO’s office has said that as we have a copy of the Police Report we are now the Data Controller – that is not my interpretation – data processor surely – anyway I have always referred them to other agencies to obtain their information. However, on occasions I have written to NHS to ask permission to disclose certain Consultants’ Reports. On this occasion we did approach the Police and they have asked us not to disclose.

What is your interpretation of this – I certainly have never taken the view that just because we hold information sent to us by another organisation that we would then be the DC.

Any thoughts greatly appreciated,

Regards,

Doreen

Doreen Broom

Data Compliance Officer

Scottish Borders Council

Resources Department - BTS

Tel: 01835 826516

e-mail: [log in to unmask]
"**********************************************************************
This email and any files transmitted with it are privileged, confidential and subject to copyright. Any unauthorised use or disclosure of any part of this email is prohibited. If you are not the intended recipient please inform the sender immediately; you should then delete the email and remove any copies from your system.
The views or opinions expressed in this communication may not necessarily be those of Scottish Borders Council.
Please be advised that Scottish Borders Council's incoming and outgoing GSX email is subject to regular monitoring and any email may require to be disclosed by the Council under the provisions of the Freedom of Information (Scotland) Act 2002. **********************************************************************"
 
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)