JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for DATA-PROTECTION Archives


DATA-PROTECTION Archives

DATA-PROTECTION Archives


data-protection@jiscmail.ac.uk


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

DATA-PROTECTION Home

DATA-PROTECTION Home

DATA-PROTECTION  October 2011

DATA-PROTECTION October 2011

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: Subject Access/Health & Safety Query

From:

"Baines, Jonathan" <[log in to unmask]>

Reply-To:

Baines, Jonathan

Date:

Fri, 7 Oct 2011 12:19:23 +0100

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (199 lines)

Can't agree with the first paragraph. Just because a person is employed by and acting on behalf of a data controller cannot mean they are not "another individual" under s7(4). 

The ICO's guidance deals with this to an extent where it says "Responding to such subject access requests may involve providing information relating to another individual (a 'third party individual'). For instance, if the requested information is a personnel file on an employee, it may contain information identifying managers or colleagues who have contributed to (or are discussed in) that file. This may lead to a conflict between the requesting employee's right of access and the third party's rights over their own personal information." (http://www.ico.gov.uk/for_organisations/data_protection/~/media/documents/library/Data_Protection/Detailed_specialist_guides/SAR_AND_THIRD_PARTY_INFORMATION_100807.ashx) 

By your argument the manager or colleague are only an agent of the data controller and don't have those third party rights over their own personal information.

Surely the need to consult every member of staff before releasing information in response to a SAR is obviated by 7(4)(b).

Jonathan Baines
Legal and Democratic Services
Buckinghamshire County Council
01296 383681


-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: Friday 07 October 2011 10:42
To: [log in to unmask]
Subject: Re: [data-protection] Subject Access/Health & Safety Query

I don't think a member of staff is a third party if they are acting in the course of their employment.  They are an agent of the Data Controller. 
(Otherwise, you would have to consult every member of staff who had contributed to a record before making any Subject Access release.)

Also, you can't delete the comment before responding to the Subject Access Request, unless this would have happened anyway as a matter of routine.

I can't see an alternative to releasing the information.  My best suggestion is a heavy duty warning to the Data Subject that any retaliatory action will get them into a heap of trouble.


Paul Ticher
0116 273 8191
www.paulticher.com
22 Stoughton Drive North, Leicester LE5 5UB


----- Original Message -----
From: "Piers Margetts" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, October 06, 2011 3:32 PM
Subject: Re: Subject Access/Health & Safety Query


There is some really good guidance and examples in the recent guidance 
document issues by the ICO about releasing information in complaint files 
which can be found at 
http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Practical_application/access_to_information_held_in_complaint_files.ashx

Big difficulty as you have said is that the person recording the comment is 
in a public facing role and their identity would reasonably be known 
irrespective of whether you redact any names. You could go down the consent 
route, if the author does not give consent and they have real concerns as to 
their safety, then you could argue that it is not reasonable in all 
circumstances to release in the absence of consent. My view is that unless 
there is very real evidence that releasing this information will endanger 
the author I believe that you have no option but to release it.

Piers

From: This list is for those interested in Data Protection issues 
[mailto:[log in to unmask]] On Behalf Of Steve Hunter
Sent: 06 October 2011 14:41
To: [log in to unmask]
Subject: [data-protection] Subject Access/Health & Safety Query

Hi all

Need your help/views on a potential scenario.

Customer X is currently going through a complaint and as a result he is 
refusing to pay for his services. During the investigation and processing of 
his complaint, the individual has become irate with the way his request has 
been handled and has visited our premises on several occasions appearing 
angry and demanding to speak to senior managers - who have had to cool him 
down. This behaviour has been reflected in his phone calls to our 
Income/Finance team who are dealing with his bill. At times, calls have had 
to be terminated. On one day he spoke with an employee and there was an 
exchange about his unpaid bill. Following the telephone conversation, the 
member of staff on her file note suggests that the 'customer is arrogant'.

Surprise, surprise - Customer X submits a Subject Access request. Due to his 
previous behaviour, the service manager and the manager who met with him on 
the last occasion are concerned (due to his previous behaviour) that he 
could pose a health and safety risk to the author of the comment. I'm of the 
view that no exemption under the DPA or the wording of Section 7-9 offers us 
any help in this case, however the Service Manager and our H&S Officer are 
keen to see the duty to protect the H&S of the employee override the access 
rights of individual and suggest that this comment should be redacted. Is 
there anything under the Act that could allow for this? I am under the 
impression there isn't and I feel that the information should be disclosed. 
After all, staff are advised not to make such comments.

Redacting the name of the employee is futile, as the individual will know 
who he has spoken to at the time.

Any thoughts?

Could the individual serve a Section 10 notice due to the potential damage 
to them or the distress/fear of reprisals?

Thanks

Steve
________________________________

All archives of messages are stored permanently and are available to the 
world wide web community at large at 
http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the 
email if you are receiving emails in HTML format):

  *   Leaving this list: send leave data-protection to 
[log in to unmask]<mailto:[log in to unmask]&BODY=LEAVE%20data-protection>
  *   Suspending emails from all JISCMail lists: send SET * NOMAIL to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET%20*%20NOMAIL>
  *   To receive emails from this list in text format: send SET 
data-protection NOHTML to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20NOHTML>
  *   To receive emails from this list in HTML format: send SET 
data-protection HTML to 
[log in to unmask]<mailto:[log in to unmask]&BODY=SET%20data-protection%20HTML>

All user commands can be found at 
http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an 
otherwise blank email to 
[log in to unmask]<mailto:[log in to unmask]>

Any queries about sending or receiving messages please send to the list 
owner 
[log in to unmask]<mailto:[log in to unmask]>

(Please send all commands to 
[log in to unmask]<mailto:[log in to unmask]> not the list or the 
moderators, and all requests for technical help to 
[log in to unmask]<mailto:[log in to unmask]>, the general office 
helpline)

________________________________

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at 
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list 
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your 
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Buckinghamshire County Council
Visit our Web Site : http://www.buckscc.gov.uk
Buckinghamshire County Council Email Disclaimer

This Email, and any attachments, may contain Protected or Restricted information and is intended solely for the individual to whom it is addressed.  It may contain sensitive or protectively marked material and should be handled accordingly.  If this Email has been misdirected, please notify the author or [log in to unmask] immediately.  If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately.  Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify.  You should therefore carry out your own anti-virus checks before opening any documents.  

Buckinghamshire County Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this email. 

All GCSx traffic may be subject to recording and / or monitoring in accordance with relevant legislation.

The views expressed in this email are not necessarily those of Buckinghamshire County Council unless explicitly stated.

This footnote also confirms that this email has been swept for content and for the presence of computer viruses.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Top of Message | Previous Page | Permalink

JISCMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000
1999
1998


WWW.JISCMAIL.AC.UK

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager