This message has been converted to MIME format as it seemed to be
badly formed as it contained floating uuencoded text.
---9412DkzM098412dk:dCjFioQNjvLQzvFrwo_jKR
Content-Type: text/plain; charset="us-ascii"
Except where there is a duty of confidence, recorded personal information
which is not personal data (as currently defined and interpreted) is
accessible to anyone under FOIA. The duty of confidence exception does not
apply where the information relates to the person applying for it.
Ian Mansbach
Mansbachs
Data Protection Practitioners
[log in to unmask]
phone: 0871 716 5060
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Lynne Skipsey
Sent: 21 September 2004 11:15
To: [log in to unmask]
Subject: Re: [data-protection] Police Requests
Another issue arising from Durant:
Does this mean that all 'personal data' not falling within the narrow Durant
definition of 'related to' the data subject is technically NOT protected by
the FOI exemption S40(3), because it is no longer included within the scope
of the Data Protection Act?
Does this mean that a public body would have no legal grounds for refusing
to release this kind of data to any third party?
Kind regards
Lynne Skipsey
Information Manager
Registry - Corporate Services
NHSU
Tel 07775 508113
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 16 September 2004 15:30
To: [log in to unmask]
Subject: Re: [data-protection] Police Requests
Ian Mansbach on 16 September 2004 at 12:39 said:-
> One needs to decide if the information is personal data and apply
> Durant earlier in the process. I suggest the following
> (over-simplified) approach:
The process you describe is correct for * compiling * the SAR response.
I was speaking of the material forming the response, some of which could be
removed from the new definitions of personal data by the re-dacting process.
As with all data holdings a dependency then arises relating to the filing
system used to store the SAR response data. If that system does not fall
within the amended DPA definitions, and some of the redacted data does not
meet the amended definitions, how could it be determined to be personal
data?
A similar issue would arise with a letter extracted from a personnel file
and subsequently stored in a way which does not fall within the amended DPA
personal data criteria. Ergo it is not personal data.
And that is before you begin to even look at the s.29 responses relating to
material which does not itself immediately identify the data subject. (Even
prior to considering the amended personal data definitions.)
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ian Mansbach
> Sent: 16 September 2004 12:39
> To: [log in to unmask]
> Subject: Re: Police Requests
>
>
> Quite right and exactly why I said "may ... be personal data".
>
> > Those parts of any exemption or SAR response which contain personal
> > data relating to the data subject after redaction, and
> which then fall
> > within the personal data definition as amended by Durant would be
> > subject to the DPA.
>
> One needs to decide if the information is personal data and apply
> Durant earlier in the process. I suggest the following
> (over-simplified) approach:
>
> 1. Is it data (on computer, accessible public record, in a structured
> filing system taking into account Durant interpretation of structured
> filing system)?
>
> 2. If yes, is it personal data (relating to a living individual taking
> into account Durant interpretation of "relating to"?
>
> Then, and only then, treat the information as personal data and apply
> the provisions of the DPA (exemptions, redaction etc etc)
>
> Ian Mansbach
> Mansbachs
> Data Protection Practitioners
> [log in to unmask]
> phone: 0871 716 5060
>
> Ian
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 16 September 2004 12:00
> To: [log in to unmask]
> Subject: Re: [data-protection] Police Requests
>
>
> Ian Mansbach on 16 September 2004 at 11:13 said:-
>
> > Oops, my previous post was badly written!
> >
> > It is the record of the request for disclosure that might "be kept
> > forever, disclosed to anyone, transferred outside the EEA etc etc"
> > not the information requested which may well be personal data and
> > protected by the
> > DPA.
>
> Not necessarily.
>
> Those parts of any exemption or SAR response which contain personal
> data relating to the data subject after redaction, and which then
> fall within the
> personal data definition as amended by Durant would be
> subject to the DPA.
>
> Dependent upon the filing system thought appropriate by the responding
> organisation that could be all, part, or none of the response.
>
> I have certainly dealt with responses in the past when, after
> redaction, and taken out of context, some of the data would certainly
> no longer be personal
> data.
>
> Ian W
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*** This Message has been scanned for viruses by the NHSU WebShield Virus
Scanner, but is not guaranteed free from viruses ***
*** This e-mail and any attachments are confidential and are intended only
for the addressee(s). If you are not an intended recipient of this e-mail
and have received it in error, please notify the sender immediately by reply
e-mail and then delete it from your system.
This e-mail has been scanned for viruses by the NHSU WebShield Virus
Scanner, but is not guaranteed free from viruses ***
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|