Ian
No - I think the statement is precise and correct. It relates only to
Condition 6 and necessity. We can still do all you say but that is based
on Condition 1. What we cannot do is rely on Condition 6 in the absence
of consent, instruct staff to submit to a photo , and discipline them
for not obeying a reasonable instruction if they refuse.
In terms of condition 6 :
1. There is no doubt we have a legitimate interest
2. With a proper Privacy Impact Assessment we (or my CO) might
reasonably decide it was not unwarranted
3. But that is irrelevant - it is the requirement of necessity which
scuppers us (or my CO).
Phil Bradshaw
Information Manager
Citizen & Democratic Service
Room CY4A, County Hall
EMail: [log in to unmask]
Phone: 029 2087 3346
Mobile : 07890 265987
Fax: 029 2087 3349
Share a little Knowledge this Christmas
-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]]
Sent: 16 December 2009 13:28
To: [log in to unmask]
Subject: Re: [data-protection] Photos of Staff - Reasonable Work
Instruction
> On that basis and taking into account the comments to the list I find
> publishing photos to the intranet (unlike requiring them for security
> ID's )is not necessary and Condition 6 cannot be used.
Do you not think that is a somewhat wide statement.
If fully and correctly informed data subjects agree to their photographs
being used in a particular manner, then the DPA does not stop, as far as
I am aware, an organisation so doing, providing mechanisms remain in
place to allow data subjects to change their minds if circumstances
change.
Unless the statement merely covered the work instruction portion of the
discussions, in which case I have misunderstood the subject the phrase
applies to.
Ian W
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Bradshaw, Phillip
> Sent: 16 December 2009 12:09
> To: [log in to unmask]
> Subject: Re: [data-protection] Photos of Staff - Reasonable Work
> Instruction
>
>
>
>
> Many thanks to all who have contributed to this discussion.
>
> I am persuaded to put my head on the block and say NO.
>
> I think the ICO has practically answered this in his new
> guide when he says at B9-14:
>
> Many of the conditions for processing depend on the
> processing being "necessary" for the particular purpose to
> which the condition relates. This imposes a strict
> requirement, because the condition will not be met if the
> organisation can achieve the purpose by some other reasonable
> means or if the processing is necessary only because the
> organisation has decided to operate its business in a particular
way.
>
> On that basis and taking into account the comments to the
> list I find publishing photos to the intranet (unlike
> requiring them for security ID's )is not necessary and
> Condition 6 cannot be used.
>
> Phil Bradshaw
>
> Information Manager
> Citizen & Democratic Service
>
> Room CY4A, County Hall
>
> EMail: [log in to unmask]
>
> Phone: 029 2087 3346
> Mobile : 07890 265987
>
> Fax: 029 2087 3349
>
>
> Share a little Knowledge this Christmas
>
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of
> [log in to unmask]
> Sent: 16 December 2009 11:37
> To: [log in to unmask]
> Subject: Re: [data-protection] Photos of Staff - Reasonable
> Work Instruction
>
> A privacy perspective acknowledging the wider environment:-
>
> Could it be argued that photo id's fall within the terms of the
FOI?
> (They are often required to be worn as an adornment and hence
> displayed
> publicly.)
> Does a staff directory published on an intranet fall within
> the terms of the FOI? Do FOI exemptions exist which could
> effectively maintain the truth of the original fair obtaining
> statement(s), that the photographs were for internal or
> restricted publication and use only? (i.e. Is it arguable
> that in the circumstances the personal data exemptions do not
apply.)
>
> The answers to those questions would indicate if the fair
> obtaining statements for photo id's and any photographs in an
> internal staff directory could actually be challenged as
> unfair or misleading.
>
> What alteration, if any, to the risk assessments would the
> answers cause?
>
> An item I was going to include in the DP humour post next
> week fits this quite well.
> Title: Secrecy is sharing:- http://www.geekculture.
> com/joyoftech/joyarchives/1330.html
> (A nod to emergentchaos.com for the link to this.) I
> considered a more apt title would have been 'Secrecy is social'.
>
>
> Ian W
>
>
> > -----Original Message-----
> > From: This list is for those interested in Data Protection
> > issues [mailto:[log in to unmask]] On Behalf Of
> > Phil Bradshaw
> > Sent: 15 December 2009 15:14
> > To: [log in to unmask]
> > Subject: [data-protection] Photos of Staff - Reasonable Work
> > Instruction
> >
> >
> > A Chief Officer wishes to place organisation charts on our
> > intranet (not
> > internet) . The purposes are varied: team building;
> > identification across large
> > teams and various locations etc. 99% staff consent. One or
> > two have said no.
> >
> > When initially approached I advised that without consent that
> > was the end of
> > the matter for those staff. On reflection I am open to
> > persuasion that he can
> > call on Condition 6. His interests are legitimate and if he
> > does a proper PIA and
> > determines that any adverse impact (there does not really
> > seem to be any
> > specific) is justied by the benefits, then in theory we can
> > make a case that
> > there is no breach of DP principles in doing this (assuming
> > we can get a
> > photo !).
> >
> > So two questions on which I seek views (the second not really DP):
> >
> > 1. Can we in principle use Condition 6 or should we regard
> > lack of consent
> > decisive.
> >
> > 2. In either case can we legitimately as employers give a
> 'reasonable
> > insstuction' to staff to participate such that breach may
> > lead to discplinary.
> > Clearly the answer is more likely to be yes if we can use
> > Condition 6 !
> >
> > Would it make a differnce if publishing was in a way that
> > would only make
> > them available to staff in his service area - most of whom
> > would have contact
> > with the persons concerned at some stage anyway.
>
>
>
>
> Find what you're looking for with Tiscali Search -
> http://www.tiscali.co.uk/search
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send
> to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask]
> describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
**********************************************************************
> Privileged/Confidential Information may be contained in this
> message. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such
> person), you may not copy or deliver this message to anyone.
> In such case, you should destroy this message and kindly
> notify the sender by reply email. Please advise immediately
> if you or your employer does not consent to Internet email
> for messages of this kind. Opinions, conclusions and other
> information in this message that do not relate to the
> official business of the Council of the City and County of
> Cardiff shall be understood as neither given nor endorsed by
> it. All e-mail sent to or from this address will be
> processed by Cardiff County Councils Corporate E-mail system
> and may be subject to scrutiny by someone other than the addressee.
>
**********************************************************************
> Mae'n bosibl bod gwybodaeth gyfrinachol yn y neges hon. Os na
> chyfeirir y neges atoch chi'n benodol (neu os nad ydych chi'n
> gyfrifol am drosglwyddo'r neges i'r person a enwir), yna ni
> chewch gopio na throsglwyddo'r neges. Mewn achos o'r fath,
> dylech ddinistrio'r neges a hysbysu'r anfonwr drwy e-bost ar
> unwaith. Rhowch wybod i'r anfonydd ar unwaith os nad ydych
> chi neu eich cyflogydd yn caniatau e-bost y Rhyngrwyd am
> negeseuon fel hon. Rhaid deall nad yw'r safbwyntiau, y
> casgliadau a'r wybodaeth arall yn y neges hon nad ydynt yn
> cyfeirio at fusnes swyddogol Cyngor Dinas a Sir Caerdydd yn
> cynrychioli barn y Cyngor Sir nad yn cael sel ei fendith.
> Caiff unrhyw negeseuon a anfonir at, neu o'r cyfeiriad e-bost
> hwn eu prosesu gan system E-bost Gorfforaethol Cyngor Sir
> Caerdydd a gallant gael eu harchwilio gan rywun heblaw'r
> person a enwir.
>
**********************************************************************
>
> --
> Scanned by iCritical.
Find what you're looking for with Tiscali Search -
http://www.tiscali.co.uk/search
--
Scanned by iCritical.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|