Renzo,

Thank you for the correction, I was thinking of the new personal data
definition case which keeps being reported as progressing towards the House
of Lords and seems to be typically referred to as raising Durant type
issues, and then confusing them.  (I believe it is an NHS case. Masons will
have full details of the case name as they have been including it within
their update sessions.)

I suppose the House of Lords must be trying to pick a case which would allow
them to provide an appropriate answer to perceived needs.

I hope you do not mind me cc'ing the list with this response as clearly
people there need to be aware of the mistake/misquote.

Ian W

-----Original Message-----
From: Marchini, Renzo [mailto:[log in to unmask]]
Sent: Thursday, July 26, 2007 1:54 PM
To: Ian Welton
Subject: RE: [data-protection] Candidates of concern


Ian

Have I missed something? I thought Durant in the House of Lords was over
in November 2005 (they refused to hear the appeal).

Do you know otherwise?  Has something more recent happened?

Renzo


Renzo Marchini
Dechert LLP
+44 (0) 20 7184 7563 direct
+44 (0) 20 7184 7001 fax
[log in to unmask]
www.dechert.com


-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: 26 July 2007 13:51
To: [log in to unmask]
Subject: Re: [data-protection] Candidates of concern

Peter,

Considering the Durant UK Court of Appeal decision this type of
communication may or may not be personal data, dependent upon how it is
held
by the data controller.
Considering the EU Article 29 Working Party latest opinion (post Durant)
this is most definitely personal data. Opinion 4/2007 on the concept of
personal data of 20th June 2007.
Considering the Durant House of Lords appeal this area in the UK
continues
in flux.

Considering the application of the CRB and official vetting procedures
this
may be excessive for purpose if it does not form part of those
processes.

Looking at the issues ongoing within the UK, and allegedly immanent
revision
by the ICO of their guidance in this area it could be prudent to await
the
ICO's guidance and the documented House of Lords decision prior to
finalising any actions.

Meanwhile it sounds as if it would be prudent to at least identify the
following to progress the work, allowing as early a resolution as
possible,
and doing so may even resolve the matter:-

1. How is the data held?  (Unstructured correspondence file, structured
file, or other method)
2. How is any further data subsequently obtained used, by whom, and
would
that use be legitimate?
3. What organisational policies exist regarding that type of
correspondence
and data?
4. Who authorises any retention, do they have sufficient knowledge of
all
the potential legal implications to make an authoritive decision about
that?
5. What retention periods exist?
6. What recourse does a data subject have to decisions made about them
based
on the correspondence or data obtained, is this material treated as
secret
information to be influential during the shortlisting stage, used at an
early stage, or for use later during any interview process.
7. Is it feasible to conduct an audit on the actual data these
correspondents hold as a means of finding out what the personal data
held by
those data controllers actually consists of?  Would the ICO would be in
a
position to do that if requested? :-)

Others on the list will no doubt be able to provide other questions
which
will require answering.

As you will have gathered this area is currently very topical so there
may
well be strong issues raised, and much fence sitting. The ICO has
apparently
stated they can reconcile all of the currently conflicting rulings and
advice so getting them to audit the actual data if possible would seem
logically to be most helpful for them.

If the system is strongly supported you will probably find it
advantageous
to raise any policy issues and risks after incorporating the published
House
of Lords decision.


Ian W


> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Peter Rooney
> Sent: 26 July 2007 08:25
> To: [log in to unmask]
> Subject: Candidates of concern
>
>
> Dear All,
>
> Our HR department has received a letter from another Local
> Authority which
> gives personal identification details (names, addresses, n.i.
> no., d.o.b.)
> about an individual and a message to the effect that if this
> person should
> apply for any job whatoever with us we should call the named
> officer at
> this LA.  It give no reasons (it could be that they looking for the
> individual or perhaps the individual is unsuitable as an employee) or
> further details.  On enquiring I am led to understand that
> this type of
> letter is not a rare occurrence, that we have other such
> contacts on file,
> and that some departments (childrens and adult social services
> particularly) receive quite a number of such "warnings".
>
> The letter was addressed to "all local authorities", I'd be grateful,
> therefore, to hear about the approaches that other LAs are taking to
> holding these kinds of records and how they justify doing so
> in DPA terms?
> I'm sorry if I have missed this issue being raised
> previously.  The ICs
> office have no experience of this practice, I have checked there.
>
> Many thanks.
>
> Peter Rooney
> Corporate Information Manager
> North Somerset Council

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



 This e-mail is from Dechert LLP, a law firm, and may contain information
that is confidential or privileged. If you are not the intended recipient,
please delete the e-mail and any attachments, and notify the sender. Dechert
LLP is a limited liability partnership registered in England & Wales
(Registered No. OC306029) and is regulated by the Law Society of England &
Wales. A list of names of the members of Dechert LLP (who are solicitors or
registered foreign lawyers) is available for inspection at its registered
office, 160 Queen Victoria Street, London EC4V 4QQ.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^