Hello Kim
I wonder if you are referring to Legal Professional privilege exemption. If
so this is only applicable data sought as part of the subject access and the
status of the advisor and the content of the advice communication would
determine if this can be argued.
It provides no exemption to Schedule 1 Part II 2(1)(b) where you have to
supply identity of data controller and any nominated representative (for
outside EEA processing), the purpose of the processing and further
information such as potential disclosures to enable an argument to be raised
that your processing is fair. There are two conditions in Part II 3(2) (a)
and (b) which exempt this. a) is the disproportionate effort argument
(unlikely) b) is where the recording or the disclosure of the information
is necessary for compliance with any legal obligation to which the
controller is subject, this may apply in a LA situation, you should check
this with your lawyers.
The content of the data does not necessarily have to be disclosed until a
subject access request is raised and the extent of this determined by the
application of any applicable exemptions. In addition as well as subject
access rights disclosure could also be obtained through court discovery
processes should an individual decide to take the controller to court. If
that was likely there would appear little benefit in delaying disclosure
simply due to a subject access exemption.
Hope this assists.
David Wyatt
-----Original Message-----
From: [log in to unmask]
[mailto:[log in to unmask]]On Behalf Of Kim Campbell
Sent: 17 November 2000 16:13
To: [log in to unmask]
Subject: Third parties and data protection- a query.
Dear all,
I would appreciated any guidance the group can offer on the on the following
issue:
A local authority advice centre have been advised by their IT section that
if information about a person e.g. a landlord's details in a harassment case
is recorded, then that person needs to be informed under the data
protection legislation.
Surely this can not be correct? I understand that where data is received
from a third party the data subject must usually be informed that such data
is being processed, but I can not believe that this was ever intended to
contravene client/advisor confidentiality.
I am however not clear about how the act actually exempts the
client/advisor situation - particularly for non-criminal cases which will
never go to court. Can any one shed light on my ignorance?
Regards,
Kim Campbell
___________________________________________________
This e-mail, and any attachment, is confidential. If you have received it in
error, please delete it from your system, do not use or disclose the
information in any way, and notify me immediately. The contents of this
message may contain personal views which are not the views of Shelter,
unless specifically stated.
Registered address:
88 Old Street
London EC1V 9HU
Company number 1038133
Registered charity number 263710
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|