I think that one is not entitled to exclude any data source from the efforts
one makes in acceding to a SAR. It is not up to the Data Subject to know
where their data is held, it is up to you as a data controller. By the
logic you state here you could exclude ANY data set not referred to
explicitly in a SAR, which is invalid.
We are expected to scour filing cabinets, PDAs, Personal Organisers and all
other extremely difficult data sources as well.
If I issued a SAR to an organisation and did not receive (e.g.) email data I
would make an immediate formal complaint, because obviously that
organisation is concealing data about me.
_____________________________________________________________
Tim Trent
Chief Privacy Officer EMEA
Gartner
EMEA Marketing, Tamesis, The Glanty, Egham, Surrey, United Kingdom,
TW20 9AW
Switchboard +44 (0)1784 431 611, Direct Line +44 (0)1784 267 335, Mobile +44
(0)7710 126 618
Visit our home on the web: http://www.gartner.com
The opinions expressed in this message are my own, and may or may not
reflect those of my employer. They are expressed as a part of the
discussion on the JISCMail mailing list on data protection and for no other
purpose. They have no legal standing and are offered as part of informed
and informal discussion. They may NOT be attributed to Gartner in any way.
Any personal data provided is provided expressly for use of discussions on
the JISCMail Data Protection Discussion list. Under the UK Data Protection
Act 1998 I expressly forbid any individual or organisation to make
commercial use of my data published either on the email list or in the
archives of that or other lists whether this message appears or not. This
includes messages already published in the archives.
-----Original Message-----
From: Arthur Howell [mailto:[log in to unmask]]
Sent: 26 July 2002 11:49
To: [log in to unmask]
Subject: Re: SARs and email Archives
Hi All,
I personally think that emails are the most contentious media there is
(people still treat them as their own personal and private correspondence)
and agree that unless the SAR explicitly states 'emails required' and in
relation to a particular person (there may be some disciplinary dispute
going on), I would not supply them; however, if requested, I would make 'best
endeavors' to recover what we could.
Regards
Arthur Howell
-----Original Message-----
From: Colette Healiss [mailto:[log in to unmask]]
Sent: 26 July 2002 09:41
To: [log in to unmask]
Subject: SARs and email Archives
Dear All
Have just been reading through this thread about the difficulties of
identifying relevant emails for an SAR in a large organisation.
Doesn't this issue just boil down to a balance of risk? With the best
will in the world large organisations are not going to be able to keep
track of all the email data staff store on their hard drives or cds and
floppy disks, nor guarantee to be able to find relevant data stored this
way for every SAR. In any case email data cannot really be classed the
same as data on other media given the legal privacy rights now attaching
to individuals' email boxes. I agree with the contributor who felt that
the general trawl could be considered disproportionate effort in terms of
the Act.
However I don't think we should concern ourselves too much about this area
unless a Data Subject evidently knows about the existence of relevant email
data and is indicating the location of emails in which they are interested
or are challenging the use of email for transmission of particular data.
Surely most of the important stuff sent this way is also stored elsewhere
and can be obtained via a different route.
My feeling is that an organisation must do what is practicable to keep its
treatment of email data reasonably on a par with other data in terms of
raising staff awareness about DP issues surrounding email data and their
individual responsibilities in relation to the law. If we are expected to
do more I would like to see someone come up with a realistic way in which
we can meet the conflicting demands of DPA section 7 and the relevant bits
of HRA (or whichever piece of legislation it is covering privacy -
apologies for ignorance)
Thank God it's Friday
Colette Healiss
St Helens
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
The views and comments expressed in this email are confidential to the
recipients and should not be passed on to others without permission. This
email message does not necessarily express the views of Bath & North East
Somerset Council and should be considered personal unless there is a
specific statement to the contrary.
This footnote also confirms that this email message has been checked for all
known viruses by the MessageLabs Virus Scanning Service.
Making Bath & North East Somerset a better place to Live, Work and Visit.
**********************************************************************