Does this mean then that it's a case of weighing up the legitimate interests
of the 'data controller' or 'third party or parties to whom the data are
disclosed' and the rights of the 'data subject'?
Would a 'data subject' have to prove that their rights and freedoms, or
legitimate interests, were being prejudiced?
And why does this para apply only to an Intranet and not the Internet?
Surely there are many 3rd parties who need to contact people within the
intitution for work purposes?
Out of interest, how many of us have read the whole act? Personally, I've
only picked up a few bits here and there...
Helen
-----Original Message-----
From: Adrian Tribe [mailto:[log in to unmask]]
Sent: 15 June 2000 15:16
To: [log in to unmask]
Subject: RE: On-line staff contacts
At 10:44 15/06/00 +0100, Spencer Gasson wrote:
><Snip>
>I'm not quite sure how this would work on an Intranet since it is an
internal
>version of a printed list, but suspect the same would apply.
You can publish on an intranet without getting prior consent, as you
can argue that the condition set out in Schedule 2 Para 6(1) of the
DPA applies:
"The processing is necessary for the purposes of legitimate interests
pursued by the data controller or by the third party or parties to whom
the data are disclosed, except where the processing is unwarranted in
any particular case by reason of prejudice to the rights and freedoms
or legitimate interests of the data subject."
For an organisation to function properly, an internal directory is
essential.
So, you can have an opt-out policy for inclusion of details in an
intranet Web directory, but you'll need an opt-in policy for the public
Web directory to be on the safe side.
Best wishes,
Adrian
Adrian Tribe <[log in to unmask]>
Web Editor, Birkbeck College, University of London
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|