Andrew
Good response.
My own exprience regards the interpretation of alledged offence was that
our legal advisors argued the term offence meant criminal offence. However
during the lobbying on the Act and the underlying directive I actively
participated in it was by no means clear that this was the common
understanding of the directives intent.
Given the problems with references and their potential for generating major
damage to individuals there was much debate around why references should
have full transparancy by being accessible for challenge and correction.
After all it is somewhat naive to expect all reference providers to have a
monopoly on full integrity. Experience shows you that in some cases a
reference provider has their own agenda and hope to hide behind a cloak of
confidentiality.
As you point out a very complex subject in the light of factors such as the
OIC view that 'opinions' cannot be challenged on accuracy, vicarious
liability of employers and the potential linkage to libel / defamation
considerations if reference data is not handled incorrectly.
Regards
David Wyatt
----- Original Message -----
From: "Andrew Charlesworth" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, September 06, 2006 9:25 PM
Subject: Re: [data-protection] Question on a reference[Scanned]
> Apologies for the length of this response - there seem to be more angles
> to be considered than I'd anticipated when I began.
>
>> An organization is seeking a reference for a student and asks the
>> question "Do you believe the subject to be strictly honest,
>> conscientious and discreet?"
>>
>> If the student has been found guilty of plagiarism but has continued on
>> the course and has now graduated, can one answer YES to that question?
>
> It's a common question in my experience, particularly from temp agencies
> who are supplying staff to third parties, probably an attempt on the part
> of the temp agencies to protect themselves in their dealings with those
> third parties. I think that type of question is more common partly
> because references have tended to become more anodyne in response to
> concerns about disclosure to the subject of the reference, so reference
> requestors are being more direct about what they want to know (if not
> always terribly clear about why).
>
> If I have no evidence of practices such as plagiarism, and no formal
> knowledge of a student beyond the classroom, as is usually the case, I
> normally say that I have no reason to doubt the honesty, conscientiousness
> and discretion of the candidate. I find 'No comment' a bit blunt as a
> general response.
>
> Where there is knowledge about a student's activities which I have as part
> of my institutional role, things would become trickier. Plagiarism is a
> particularly difficult issue to deal with. Academics deal with a range of
> plagiarism offences, from those where there is a clear intent on the part
> of the student to deceive as to the authorship of the work; to those where
> it is unclear that the student has properly understood what they have done
> wrong (although as institutions have become more attuned to the problem,
> and are making the rules explicit in handbooks and guidelines, and
> enforcing them via mechanisms such as the JISC Plagiarism service, the
> wholly innocent plagiarist does seem to be becoming rarer).
>
> So, for a starting point, does the fact that a student has been found
> guilty of plagiarism necessarily mean that they are dishonest (I'm
> assuming that's the key issue)? What are the facts of that finding of
> 'guilty' by the institution? Is it:
>
> - guilty by 'strict liability' (student has plagiarised - defined here as
> "used the work of others without proper attribution" - and intent or
> otherwise is irrelevant); or,
>
> - guilty by 'intent' (institution has determined that student has
> plagiarised, and that there is sufficient evidence that the student had
> intent to breach the rules).
>
> If the plagiarism falls into the former category, then it is questionable
> as to whether it provides any indication of 'dishonesty', and it is
> difficult to justify it as being relevant to the question.
>
> If the institution has a documented process for dealing with plagiarism
> with intent, and an appeals procedure from that process, and the student
> has been determined at all stages to have plagiarised with intent, (and
> the process has concluded) then perhaps we need to look towards the DPA.
>
> a) Is that further processing of the personal data originally processed
> for the purpose of internal disciplinary sanction lawful? (I'm thinking
> Principle 2 here)
>
> Was the student informed that the outcome of an internal disciplinary
> proceeding, for which they have already (presumably) paid some form of
> penalty, might be the subject of disclosure to a third party, such as a
> potential employer? Have they had the opportunity to object?
>
> (I think making such a stipulation to students might be a deterrent to
> would-be plagiarists, but it might also mean that every plagiarism case
> would be fought through every single appeals stage - something
> institutions are unlikely to be prepared for)
>
> b) If YES to a) then is evidence of plagiarism 'sensitive personal data'?
>
> My understanding of s.2 DPA 1998 (g) & (h) (commission or alleged
> commission of any offence; proceedings for any offence committed etc.) is
> that these refer to formal criminal cases, but I'm open to
> argument/correction on that point. Would that also mean that someone who
> has committed a criminal offence in the past might not have that offence
> disclosed in a reference, but someone who plagiarised an undergraduate
> essay would - that seems a bit odd to me - a criminal offence may be seen
> as more prejudicial than plagiarism, but if the question is coined in
> terms of 'honesty'....?
>
> If NO then see Schedule 2 for possibilities:
>
> - Sch.2 (1) The data subject has given consent to the processing.
>
> Ronan's point - I guess you show the DS the reference, and ask if they
> want it sent. FWIW I always show candidates the reference I have written
> before sending it - I have had one person so far decide to go elsewhere
> for their reference - it apparently wasn't laudatory enough. This
> approach may run the risk of accusations of 'coerced consent' - having no
> institutional reference being as, or more, damning than having one
> mentioning plagiarism.
>
> - Sch.2 (6) The processing is necessary for the purposes of legitimate
> interests pursued by the data controller or by the third party or parties
> to whom the data are disclosed, except where the processing is unwarranted
> in any particular case by reason of prejudice to the rights and freedoms
> or legitimate interests of the data subject.
>
> If the plagiarism is 'plagarism with intent', the proper procedures have
> been followed and completed, what rights and freedoms or legitimate
> interests of the DS are being *prejudiced*? If the plagiarism is not
> disclosed, what are the risks run by the DC (misrepresenting the
> candidate), or the third party (hiring an employee who has plagiarised),
> vis _their_ legitimate interests?
>
> If YES then see Schedule 2 & 3 for possibilities:
>
> - Sch.2 (1) The data subject has given consent to the processing.
>
> As above.
>
> - Sch.2 (6)The processing is necessary for the purposes of legitimate
> interests pursued by the data controller or by the third party or parties
> to whom the data are disclosed, except where the processing is unwarranted
> in any particular case by reason of prejudice to the rights and freedoms
> or legitimate interests of the data subject.
>
> As above.
>
> - Sch.3 (1) The data subject has given his explicit consent to the
> processing of the personal data.
>
> As above, but ideally clearly evidenced.
>
> - Sch.3 (3) The processing is necessary in order to protect the vital
> interests of another person, in a case where consent by or on behalf of
> the data subject has been unreasonably withheld.
>
> Depends on the nature of the job, but seems farfetched.
>
> - Sch.3 (5) The information contained in the personal data has been made
> public as a result of steps deliberately taken by the data subject.
>
> If disclosed by the DS in an application, then the DC might wish to
> explain the circumstances. The situation outlined by Graham doesn't seem
> to fall into this category.
>
> After all that, what are the possible options?
>
> 1) Refuse to answer the question/ignore the question
>
> - may count against candidates from your institution with no disciplinary
> record
> - may been seen as hiding something,
> - may risk fall-out from employer if candidate is dishonest in workplace.
>
> However, if 'normal practice' is not to make such disclosures, then what
> is the rationale for moving from that position, even in the face of a
> question which indirectly impinges on those issues.
>
> 2) Answer 'No comment'
>
> - if done across the board may count against candidates from your
> institution with no disciplinary record
> - if done selectively, may be as damaging as disclosure (in essence, it is
> a disclosure),
> - may risk fall-out from employer if DS is then dishonest in workplace.
>
> 3) Ask the DS for permission to disclose
>
> - if they say 'yes' that's a possible solution
> - if they say 'no' you still have the problem.
>
> 4) Show the DS the reference and ask if they want it sent
>
> - may run the risk of accusations of 'coerced consent'.
>
> 5) Disclose the plagiarism (assuming it is NOT sensitive personal data)
>
> - risk of DS taking action for unlawful disclosure.
>
> Assessing risk - likelihood of DS requesting reference from would-be
> employer + likelihood plagiarism issue was reason why would-be employer
> didn't hire them + DC able to show plagiarism procedure fair and
> disclosure of data from procedure to 3rd party for hiring purposes fair
> and lawful + balancing of legitimate interests of DC and 3rd party against
> prejudice to the rights and freedoms or legitimate interests of DS.
>
> As an individual referee, I would be inclined towards options 1 or 4 - as
> noted above, an institution may find option 4 a more difficult position to
> sustain.
>
> My 2 cents.
>
> Andrew
>
> Andrew Charlesworth
> Senior Research Fellow in IT and Law
> Director, Centre for IT and Law
> School of Law/Department of Computer Science
> University of Bristol
> Wills Memorial Building
> Queens Road, Bristol BS8 1RJ
>
> Tel: 0117 954 5633 (CompSci)
> Fax: 0117 954 5208 (CompSci)
> E-mail: [log in to unmask]
>
> --On Wednesday, September 06, 2006 6:08 PM +0100 "C.Oppenheim"
> <[log in to unmask]> wrote:
>
>> I'm surprised at Ronan's first question, as this is a standard form of
>> words used in many pro forma reference requests.
>>
>> Might not the solution be to put "no comment" against the question if
>> there really are DP concerns?
>>
>> Charles
>>
>> Professor Charles Oppenheim
>> Head
>> Department of Information Science
>> Loughborough University
>> Loughborough
>> Leics LE11 3TU
>>
>> Tel 01509-223065
>> Fax 01509-223053
>> e mail [log in to unmask]
>
>> ----- Original Message ----- From: "RONAN DURNIN"
>> <[log in to unmask]>
>> To: <[log in to unmask]>
>> Sent: Wednesday, September 06, 2006 5:17 PM
>> Subject: Re: Question on a reference[Scanned]
>>
>>
>> Why are those seeking a reference asking the question? And would
>> answering no to the question cause damage or distress to the subject of
>> the reference? Remember that by providing a reference, you are passing
>> personal data of the data subject onto a third party. The data subject
>> may well have been told at the point of completing the application form
>> (or whatever form) that references would be sought - I don't believe
>> that this is necessarily an indication that the data subject consents to
>> such personal information being obtained by the requestor or disclosed
>> by the recipient of the reference request. Might it be appropriate to
>> contact the data subject to obtain their consent given their previous
>> plagiarism?
>>
>> Just my tuppence worth...
>>
>> Ronan.
>>
>> ========================
>> Ronan Durnin
>> Business Support Officer
>> NIGALA
>> 79 Chichester Street
>> Belfast
>> BT1 4JE
>
>> -----Original Message-----
>> From: This list is for those interested in Data Protection issues
>> [mailto:[log in to unmask]] On Behalf Of Graham Donelan
>> Sent: 06 September 2006 17:07
>> To: [log in to unmask]
>> Subject: [data-protection] Question on a reference[Scanned]
>>
>> Maybe not strictly be a DP question but has DP implications possibly.
>>
>> An organization is seeking a reference for a student and asks the
>> question "Do you believe the subject to be strictly honest,
>> conscientious and discreet?"
>>
>> If the student has been found guilty of plagiarism but has continued on
>> the course and has now graduated, can one answer YES to that question?
>> It is normal practice not to refer to such matters in the reference but
>> the question is very direct.
>>
>> Thanks
>>
>> Graham
>>
>> Graham Donelan
>> University Secretary
>> Liverpool Hope University
>> Telephone - 0151 291 3756
>> Fax - 0151 291 3855
>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
> Andrew Charlesworth
> Senior Research Fellow in IT and Law
> Director, Centre for IT and Law
> School of Law/Department of Computer Science
> University of Bristol
> Wills Memorial Building
> Queens Road, Bristol BS8 1RJ
>
> Tel: 0117 954 5633 (CompSci)
> Fax: 0117 954 5208 (CompSci)
> E-mail: [log in to unmask]
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
> owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|