I think we may be missing the point here. The promotions board are not third parties, they are clearly acting on behalf of the data controller as either employees or agents, so the have no way of hiding behind confidentiality. Let them be responsible for their decisions. Chris Tinsley Wiltshire County Council -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Duncan Smith Sent: 20 October 2004 13:19 To: [log in to unmask] Subject: Re: [data-protection] Consent ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The information contained in this correspondence is not intended as legal advice or counsel, and is not represented as such by the sender. iCompli Ltd. makes no warranties or statements regarding the legal acceptability of the information presented in this correspondence. Any actions performed as a result of this information are of the recipient's own choosing. ---------------------------------------------------------------------------- ------------------- Gwenan, We recently gave a presentation to HR decision makers on the subject of Confidentiality and recent case law. You may find the slides useful, and can be downloaded here: http://www.icompli.co.uk/latestnews/view.asp?nID=29 Of particular interest to you here will be the Johnson v MDU ruling which (amongst other things) gives us some guidance on disclosure of third party information. The main point made was "Begin with the presumption that information relating to a third party should NOT be disclosed without consent", then consider whether the data subject's desire for information outweighs your duty of confidentiality to the third party. This judgement is not easy and will require tests of reasonableness and proportionality (see slides). TICO guidance on this (in the employment code of practice) may have to be revised as their flow chart suggests that it is ok to withhold information without carrying out the judgements mentioned above. Regards, Duncan S Smith Managing Director iCompli Limited Northampton UK T: 08707 70 48 66 F: 08707 70 48 69 M: 07775 56 81 80 Mailto:[log in to unmask] Web: www.icompli.co.uk "Compliance in your language" -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Gwenan Owen Sent: 18 October 2004 13:08 To: [log in to unmask] Subject: [data-protection] Consent I'd be grateful for the list's opinion on the following: I've received a SAR from a member of staff following an unsucessful promotions attempt. The staff member specified that they were only interested in documents relating to the promotions committee's deliberations of their case. As part of our promotions committee procedures members of the committee are given sheets where they "rank" individuals, having read through the individuals' submissions and any references. The promotions committee members were not told in 2004 that their comments might be made available to the individual concerned (something we are going to change for the 2005 round). Because of this I decided that I would need consent from the promotions committee members to show their ranking sheets to the individual, most have agreed a few have not and they've been withheld. The data subject has challenged my view on this by saying that the process should be completely transparent, that there is no need for me to ask for consent from the committee members and the ranking sheets should be made available to him. I would be grateful of the list's view on this ... thanks Gwenan -- ______________________________________________________________________ Gwenan Owen Rheolwr Cofnodion y Brifysgol/University Records Manager, Gwasanaeth Llyfrgell, Archifau a Rheoli Cofnodion/ Library, Archives and Records Management Service Gwasanaethau Gwybodaeth/Information Services, Prifysgol Cymru, Bangor/University of Wales, Bangor, Ffordd y Coleg/College Road, Bangor, Gwynedd LL57 2DG, UK ffôn/tel: (01248) 38 2413 ffacs/fax: (01248) 38 8194 [log in to unmask] ______________________________________________________________________ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^