Graeme,
The ICO has got some guidance on potentially violent persons which I
think is of some relevance to you
http://www.ico.gov.uk/upload/documents/library/data_protection/practical
_application/use_of_violent_warning_markers.pdf
In short, the guidance tells us that we should normally notify
individuals if we add them to such a register.
Hope this is of some use.
Ronan.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Graeme Hawley
Sent: 10 December 2009 12:38
To: [log in to unmask]
Subject: [data-protection] Subject access to risk log[Scanned]
Apologies if this has come up before, but I am trying to establish what
to do in
the following scenario:
As part of a SAR recovery, a risk log is retrieved which shows what
risks the
data subject may pose to the organisation. The data subject is an
employee
of the organisation.
My thoughts are as follows:
If a risk log existed about me, I would like to know what the risks were
that
people considered I posed so that I had an opportunity to correct any
information that I belived to be innaccurate.
That said, risk is about perception, and entires on a risk log may be
difficult to
assess in terms of what is hard fact and what is supposition. The point
of a
risk log is to imagine scenarios.
All the same, the log could potentially be a very sensitive document,
and may
have an impact on decisions made about the individual. On the other
hand,
the organisation surely has a right to identify risks posed to it so
that it can
manage them.
Bearing all of the above in mind, what do people think of the following
take on
the scenario:
Disclose the first half of the log wich lists what the risks are, but
not disclose
the ranking and the mitigating actions that the organisation is taking
to deal
with the risks.
Any thoughts would be most welcome
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|