Thanks for your reply Phil.

In this case it is a neighbour (Mr YYY) who has written in about a
nighbour's property. The letter only contains Mr YYY's name and address. It
is the subject line Re: Mr XXX The House, The Road, The Town which is the
personal data of the data subject making the request. The content of the
letter is just a one-liner acknowledging receipt of Mr YYY's letter. It is
easy to remove the third party references and still not to identify him.

It just crossed my mind that if these two were 'fighting over the fence'
then if the third party says he knows Mr. XXX has made a SAR, he may wonder
what else we might have told him - which is nothing.

Brenda

Brenda Scourfield
Team Leader,
I.T.
Pembrokeshire County Council,
County Hall,
Haverfordwest.
SA61 1TP
 
01437 775380
 
 
 
 
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Bradshaw, Phillip
Sent: 22 January 2010 12:58
To: [log in to unmask]
Subject: Re: [data-protection] Third party permission to disclose

I don't think one can give a hard and fast rule here. It
 Brenda

I don't think one can give a hard and fast rule here. It all depends on the
nature of the information.

Sometimes the identity of the requester cannot in practice be concealed e.g.
if the requester is one of two joint tenants, or the subject of a complaint,
when you ask for consent the third party can almost certainly infer who the
request came from. But if you can make it anonymous you should.

If I was seeking consent I would actually indicate the nature of the data
which might be disclosed because without that I do not see how the subject
can make an informed decision.

In practice I avoid this issue like the plague* and unless the person making
the SAR supplies consent I make the s7(4) assessment on a 'no consent'
basis. There is nothing in DPA which requires me to seek that consent on
behalf of the person making the request I.e I use 7(4)(b) rather than
7(4)(a).

* On the odd occasions I have tried. it typically descends into an "I'll
show you mine if you show me yours" farce with the third party making
consent conditional on me telling him who made the SAR ... And the person
making the SAR making the same condition when I ask permission for that !


Phillip Bradshaw

Information Manager, Cardiff Council
Rheolwr Gwybodaeth, Cyngor Caerdydd


Information Management Services Gwasanaethau Rheoli
Gwybodaeth
Room CY4A
Ystafell CY4A
County Hall Neuadd y Sir
Cardiff Caerdydd
CF10 4UW CF10
4UW

Email / Ebost: [log in to unmask]

Phone / Fôn: 029 2087 3346
Mobile : 07890 265987
Fax / Ffacs: 029 2087 3349

Information is the Currency of Democracy


-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Brenda Scourfield
Sent: 22 January 2010 11:40
To: [log in to unmask]
Subject: [data-protection] Third party permission to disclose

When requesting permission to disclose third party data, how much
information should you give about the person making the SAR ? Is this
acceptable or should the personal data of the data subject be withheld ?

'We have received a SAR from Mr XXX, The House, The Road, The Town, XX1 1XX
and personal data identifying you appears in a document. Please will you
inform us whether we have your permission to disclose this to Mr XXX'

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

**********************************************************************
Privileged/Confidential Information may be contained in this message. If you
are not the addressee indicated in this message (or responsible for delivery
of the message to such person), you may not copy or deliver this message to
anyone. In such case, you should destroy this message and kindly notify the
sender by reply email. Please advise immediately if you or your employer
does not consent to Internet email for messages of this kind. Opinions,
conclusions and other information in this message that do not relate to the
official business of the Council of the City and County of Cardiff shall be
understood as neither given nor endorsed by it. All e-mail sent to or from
this address will be processed by Cardiff County Councils Corporate E-mail
system and may be subject to scrutiny by someone other than the addressee.
**********************************************************************
Mae'n bosibl bod gwybodaeth gyfrinachol yn y neges hon. Os na chyfeirir y
neges atoch chi'n benodol (neu os nad ydych chi'n gyfrifol am drosglwyddo'r
neges i'r person a enwir), yna ni chewch gopio na throsglwyddo'r neges. Mewn
achos o'r fath, dylech ddinistrio'r neges a hysbysu'r anfonwr drwy e-bost ar
unwaith. Rhowch wybod i'r anfonydd ar unwaith os nad ydych chi neu eich
cyflogydd yn caniatau e-bost y Rhyngrwyd am negeseuon fel hon. Rhaid deall
nad yw'r safbwyntiau, y casgliadau a'r wybodaeth arall yn y neges hon nad
ydynt yn cyfeirio at fusnes swyddogol Cyngor Dinas a Sir Caerdydd yn
cynrychioli barn y Cyngor Sir nad yn cael sel ei fendith. Caiff unrhyw
negeseuon a anfonir at, neu o'r cyfeiriad e-bost hwn eu prosesu gan system
E-bost Gorfforaethol Cyngor Sir Caerdydd a gallant gael eu harchwilio gan
rywun heblaw'r person a enwir.
**********************************************************************

--
Scanned by iCritical.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

**************************************************************************************************************
This document should only be read by those persons to whom it is addressed, and be used by them for its intended purpose; and must not otherwise be reproduced, copied, disseminated, disclosed, modified, distributed, published or actioned. If you have received this email in error, please notify us immediately by telephone on 01437 764551 and delete it from your computer immediately. This email address must not be passed on to any third party nor be used for any other purpose.
Pembrokeshire County Council Website - http://www.pembrokeshire.gov.uk
Please Note: Incoming and outgoing e-mail messages are routinely monitored for compliance with our IT Security, and Email/Internet Policy.
This signature also confirms that this email message has been swept for the presence of computer viruses and malicious code.
***************************************************************************************************************
Dim ond y sawl y mae'r ddogfen hon wedi'i chyfeirio atynt ddylai ei darllen, a'i defnyddio ganddynt ar gyfer ei dibenion bwriadedig; ac ni ddylid fel arall ei hatgynhyrchu, copio, lledaenu, datgelu, addasu, dosbarthu, cyhoeddi na'i rhoi ar waith chwaith. Os ydych chi wedi derbyn yr e-bost hwn trwy gamgymeriad, byddwch cystal a rhoi gwybod i ni ar unwaith trwy ffonio 01437 764551 a'i ddileu oddi ar eich cyfrifiadur ar unwaith. Ni ddylid rhoi'r cyfeiriad e-bost i unrhyw drydydd parti na'i ddefnyddio ar gyfer unrhyw ddiben arall chwaith.
Gwefan Cyngor Sir Penfro - http://www.pembrokeshire.gov.uk
Sylwer: Mae negeseuon e-bost sy’n cael eu hanfon a’u derbyn yn cael eu monitro’n rheolaidd ar gyfer cydymffurfio â’n Diogelwch TG, a’n Polisi E-bost/Rhyngrwyd.
Mae'r llofnod hwn hefyd yn cadarnhau bod y neges e-bost hon wedi cael ei harchwilio am fodolaeth firysau cyfrifiadurol a chod maleisus.
***************************************************************************************************************

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^