No, I was not thinking of FOI in the sense of trying to protect personal
data as the DP/FOI interaction can be conceived of in some senses as a
boundary between the public/private.
Applying some demonstrably widely held privacy concepts and then using that
very old ruse "What are you afraid of" interestingly reveals that people
would also have to be concerned about the malice of others in situations
where FOI is constructively used to control the processing of personal data
for processes similar to that starting the discussion in this thread;
Potentially a very worrying situation for individuals in many areas as using
FOI and the Durant decision to obtain such data would invariably cause a
much wider and potentially damaging circulation of speculative comment or
the alleged personal data referenced.
In my opinion using the DPA causes an inclusion of methods for ensuring
veracity and accuracy as well as other protections inherent in the original
bases for that regulation. Whilst those will undoubtedly eventually lead to
some rigid social structures in many circumstances where narrow
interpretations are used, provided the regulations retain provision for very
broad interpretations those unweildy structures should die off in the normal
way.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> Marchini, Renzo
> Sent: 26 July 2007 20:15
> To: [log in to unmask]
> Subject: Re: Candidates of concern
>
>
> Ah yes, the Collie case on the interaction between DPA and
> FOI. If personal data is narrow (as per Durant) then it has a
> knock on effect on the FOIA personal data exemption
>
> ----- Original Message -----
> From: This list is for those interested in Data Protection
> issues <[log in to unmask]>
> To: [log in to unmask] <[log in to unmask]>
> Sent: Thu Jul 26 15:10:07 2007
> Subject: Re: [data-protection] Candidates of concern
>
> Renzo,
>
> Thank you for the correction, I was thinking of the new
> personal data definition case which keeps being reported as
> progressing towards the House of Lords and seems to be
> typically referred to as raising Durant type issues, and then
> confusing them. (I believe it is an NHS case. Masons will
> have full details of the case name as they have been
> including it within their update sessions.)
>
> I suppose the House of Lords must be trying to pick a case
> which would allow them to provide an appropriate answer to
> perceived needs.
>
> I hope you do not mind me cc'ing the list with this response
> as clearly people there need to be aware of the mistake/misquote.
>
> Ian W
>
> -----Original Message-----
> From: Marchini, Renzo [mailto:[log in to unmask]]
> Sent: Thursday, July 26, 2007 1:54 PM
> To: Ian Welton
> Subject: RE: [data-protection] Candidates of concern
>
>
> Ian
>
> Have I missed something? I thought Durant in the House of
> Lords was over in November 2005 (they refused to hear the appeal).
>
> Do you know otherwise? Has something more recent happened?
>
> Renzo
>
>
> Renzo Marchini
> Dechert LLP
> +44 (0) 20 7184 7563 direct
> +44 (0) 20 7184 7001 fax
> [log in to unmask]
> www.dechert.com
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 26 July 2007 13:51
> To: [log in to unmask]
> Subject: Re: [data-protection] Candidates of concern
>
> Peter,
>
> Considering the Durant UK Court of Appeal decision this type
> of communication may or may not be personal data, dependent
> upon how it is held by the data controller. Considering the
> EU Article 29 Working Party latest opinion (post Durant) this
> is most definitely personal data. Opinion 4/2007 on the
> concept of personal data of 20th June 2007. Considering the
> Durant House of Lords appeal this area in the UK continues in flux.
>
> Considering the application of the CRB and official vetting
> procedures this may be excessive for purpose if it does not
> form part of those processes.
>
> Looking at the issues ongoing within the UK, and allegedly
> immanent revision by the ICO of their guidance in this area
> it could be prudent to await the ICO's guidance and the
> documented House of Lords decision prior to finalising any actions.
>
> Meanwhile it sounds as if it would be prudent to at least
> identify the following to progress the work, allowing as
> early a resolution as possible, and doing so may even resolve
> the matter:-
>
> 1. How is the data held? (Unstructured correspondence file,
> structured file, or other method) 2. How is any further data
> subsequently obtained used, by whom, and would that use be
> legitimate? 3. What organisational policies exist regarding
> that type of correspondence and data? 4. Who authorises any
> retention, do they have sufficient knowledge of all the
> potential legal implications to make an authoritive decision
> about that? 5. What retention periods exist? 6. What recourse
> does a data subject have to decisions made about them based
> on the correspondence or data obtained, is this material
> treated as secret information to be influential during the
> shortlisting stage, used at an early stage, or for use later
> during any interview process. 7. Is it feasible to conduct an
> audit on the actual data these correspondents hold as a means
> of finding out what the personal data held by those data
> controllers actually consists of? Would the ICO would be in
> a position to do that if requested? :-)
>
> Others on the list will no doubt be able to provide other
> questions which will require answering.
>
> As you will have gathered this area is currently very topical
> so there may well be strong issues raised, and much fence
> sitting. The ICO has apparently stated they can reconcile all
> of the currently conflicting rulings and advice so getting
> them to audit the actual data if possible would seem
> logically to be most helpful for them.
>
> If the system is strongly supported you will probably find it
> advantageous to raise any policy issues and risks after
> incorporating the published House of Lords decision.
>
>
> Ian W
>
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of Peter Rooney
> > Sent: 26 July 2007 08:25
> > To: [log in to unmask]
> > Subject: Candidates of concern
> >
> >
> > Dear All,
> >
> > Our HR department has received a letter from another Local
> Authority
> > which gives personal identification details (names, addresses, n.i.
> > no., d.o.b.)
> > about an individual and a message to the effect that if this
> > person should
> > apply for any job whatoever with us we should call the named
> > officer at
> > this LA. It give no reasons (it could be that they looking for the
> > individual or perhaps the individual is unsuitable as an
> employee) or
> > further details. On enquiring I am led to understand that
> > this type of
> > letter is not a rare occurrence, that we have other such
> > contacts on file,
> > and that some departments (childrens and adult social services
> > particularly) receive quite a number of such "warnings".
> >
> > The letter was addressed to "all local authorities", I'd be
> grateful,
> > therefore, to hear about the approaches that other LAs are
> taking to
> > holding these kinds of records and how they justify doing so in DPA
> > terms? I'm sorry if I have missed this issue being raised
> > previously. The ICs
> > office have no experience of this practice, I have checked there.
> >
> > Many thanks.
> >
> > Peter Rooney
> > Corporate Information Manager
> > North Somerset Council
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|