Kit
With all due respect, and I take your point about progress and openness, I
do not believe that it is widely understood that the legal status of
confidential references is subject to subject access rights under the data
protection legislation.

A clear statement from the party requesting the reference along the lines
you mention (vis a vis referees being liable under the law, openness, the
fact that the contents of the reference may be revealed to the subject of
the reference etc) would in general be useful rule to clarify things and
help spread understanding of the law in regard to references.

There are grounds for maintaining confidentiality, however, in various
circumstances, and use of Section 7(4) to support a refusal to disclose to
a data subject is something which a data controller can take advantage of
if necessary.  Not that this could be general practice as the case needs to
be at the least arguable.






                    [log in to unmask]
                    Sent by: This list is         To:     [log in to unmask]
                    for those interested          cc:
                    in Data Protection            Subject:     Re: Data Subject Access to
                    issues                        Confidential References
                    <data-protection@JISCM
                    AIL.AC.UK>


                    21/01/2002 17:18
                    Please respond to
                    KITLegal






In a message dated 21/01/2002 10:11:07 GMT Standard Time,
[log in to unmask] writes:

<< I would have thought that a confidential reference ought to be just
that.
 I do not see why, where technology has not effected a change in the status
 of information, it should suddenly be subject to rights of subject access
 where these did not previously exist . >>
------------
But it has changed, because the law has changed.  Personal data in text
files, manually-written references are now subject to the Act where
previously they may have qualified for an exemption.  References written on
WP prior to the new Act were not always exempt, as one or two data users
found to their dismay.

Perhaps the discussion can move on if we agree that confidentiality cannot
be
guaranteed and therefore we should stop talking about "confidential
references" and stick to the issue of whether third party identifiers
should
be given.

As has been stated on many occasions there are exemptions that apply to
information that identifies the referee but not necessarily the content of
the reference (unless this in itself identifies a person).  If the
reference
is a professional one, given by a previous employer who is a sole trader or
partner in a small partnership, the status of the information may be very
different to one written on behalf of a corporation or limited company.

From a personal point of view I would be very suspicious of any very good
or
very bad reference where the writer was not prepared to admit to the data
subject that they wrote it.

Any requests for references from me will ask the person for an honest and
true, factual and justifiable, reference.  I will remind referees that they
can be liable under law for what they write and that we have a policy of
open
references - incoming or outgoing.  If you can't justify it, don't write
it.

Ian Buckland
MD
Keep IT Legal Ltd

Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting
your
solicitor.  If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:

55 Curbar Curve
Inkersall, Chesterfield
Derbyshire  S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^