Print

Print


I had rather meant more from the disclosure point of view.

For example:-

1. Who determines and how if any exemption request is a fishing expedition;
2. Are the costs of servicing exemption requests a determinant in
formulating a policy?
3. What monitoring if any of serviced exemptions takes place?
4. What defines fishing, rather than a focused enquiry which appropriately
exercises an exemption?

This case seems to indicate that routine access to and checking of personal
data could not have warranted the application of an exemption.
If the access to the personal data had been less frequent, or ostensibly
more focused material wise, could an exemption have been claimed?
Was the method of access the real problem, or the disclosures gained by that
access?

A great many DP implications appear to be embedded in the reported outcome
to the case.

Ian W


Date:    Sat, 27 Jan 2007 21:07:50 -0000
From:    Doherty Michael <[log in to unmask]>
Subject: FW: [data-protection] Training in the appropriate application of
exemptions

Evening All,

Accidentally sent this just to Ian. Any other volunteers?

Michael Doherty

-----Original Message-----
From: Doherty Michael
Sent: 27 January 2007 21:04
To: 'Ian Welton'
Subject: RE: [data-protection] Training in the appropriate application of
exemptions

Ian,

You might be interested in my parent organisation's policy instructions.

http://www.kent.police.uk/About%20Kent%20Police/Policy/d/d07.html

Regards,

Michael Doherty
(Currently working for the Home Office!!!)

-----Original Message-----
From: Ian Welton [mailto:[log in to unmask]]
Sent: 27 January 2007 15:48
To: [log in to unmask]
Subject: [data-protection] Training in the appropriate application of
exemptions


Food for thought: -

http://news.bbc.co.uk/2/hi/uk_news/6301243.stm - Pair Jailed over royal
phone taps. http://news.bbc.co.uk/1/hi/help/3681938.stm - Royal coverage put
in the spotlight.

In any organisation, who initially determines the point at which an
exemption should apply and where it should not?

Perhaps more importantly what tests, generic parameters, scales or
guidelines are utilized or available, and how are they tailored to match an
organisations requirement in applying determinations of that type?

How often do those mechanisms/policies/procedural guidelines require
reviewing?

Ian W

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^