Hi

It seems obvious that the original department was pretty lax in establishing the conditions under which discussions with the student were held, there would be scope to tighten up that area of staff-student interaction.

This unfortunately would preclude a fully confidential discussion with any student forevermore. Although of course no such discussion could ever be fully confidential if the student came out with serious enough stuff to warrant disclosure.

I speak as someone who has occasionally had discussions with students about their academic performance and reasons why it is not up to scratch. I've never announced confidentiality but then I've only had discussions with students who (I think) would assume my confidentiality. Thankfully I've never had the kind of conversation where I would have had to disclose the contents to the University at large or the Police. I have managed to turn one student around spectacularly; to him eventually getting a first rather than failing or dropping out, and as a sometimes uni lecturer I would really be worried if all conversations with students were subject to a 'routine' disclosure warning because I would think that would harm the potential effectiveness of those conversations.

So I have no advice here, just ponderings.

One question that crops up in my mind is the severity of these illegal activities - are they simple misdemeanours (e.g. all students in residences seem to steal at least one road cone at some time),  the nature of 'might pose a threat' (e.g. influence them to steal a road cone vs. the more serious gun example quoted earlier). Another question is the firmness of evidence; 'gleaned' is the word used earlier.

If things aren't too severe this student could simply be advised that a year out is the best route - a dose of the 'real' world often does wonders. This can be given by the 'confidential' discussant under the rubric of 'I hear (because department B asked us about your performance) that you have applied for dept B: Given your past performance it is likely that this application would be refused, but I imagine that the situation could well change if you went to work for a year and came back with good work-place references showing that you have a new attitude to self-application.' But note no point in compounding things, in this case the advice should reflect reality.

If on the other hand there is a real and serious (nb serious) treat to other students, then (I am not giving legal advice, just speaking as a lay person) presumably there is a need for police etc involvement.

I see advice from Antionette Carter has just arrived, it looks good to me.

regards
mark







On Tue, May 19, 2009 at 2:51 PM, Simon Howarth <[log in to unmask]> wrote:
My apologies, regarding my message below. I don't mean 3(b) in the first
paragraph, I meant 3(a)(ii) - sorry.

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 19 May 2009 14:26
To: [log in to unmask]
Subject: Re: [data-protection] confidential information and internal data
re-use

Firstly, why can't you use the vital interests? At least in so far as
schedule 3 is concerned 3(b) "...protect the vital interests of another
person". That covers sensitive information - would it cover "the commission
or alleged commission of any offence"?


In so far as Schedule 2 is concerned I would say that the protection of
other people falls within either para 3 and/or para 6. I would suggest that
you can therefore legitimately share this information so long as you are
certain of the "facts".

If something is given confidentially then of course confidentiality should
be maintained. However, if they are involved in illegal activity, then do
you not have recourse to section 29?

As for which option is best. Much better to incur the "wrath" of one angry
student, than the wrath of everyone if they end up doing serious harm to
someone, or God forbid, going on the rampage with a gun (extreme example,
but you get my drift).

This is just off the top of my head....

Simon Howarth.

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Okey, Andrew
Sent: 19 May 2009 14:05
To: [log in to unmask]
Subject: [data-protection] confidential information and internal data re-use

Colleagues,

Your opinion would be welcome on the following scenario:

When students first register at Lancaster University they are given a
Fair Processing notice that makes clear to them that data collected by
any part of the university may be used in support of all the
typical/routine functions of the university, including the management of
academic programmes, the operation of disciplinary and welfare services
etc. It is also made clear that information will be shared amongst staff
when (but only when) there is an operational need.

Student X performs poorly in his chosen course, and asks to restart on a
new course. In considering X's restart request the admissions office
collates information on X's status, performance and personal history to
date, including formal records of disciplinary action taken against X on
one occasion.

In my role as DP office, I am then approached by X's original academic
department, who indicate they have had several conversations with the
student, which the student believed to be confidential, and which were
conducted so that the department could better understand what was
affecting X's academic performance. The information gleaned from those
conversations suggest that X could potentially be (a) involved in some
illegal activity and/or (b) that they might pose a threat to the
wellbeing of other students he may come into contact with.

Do I advise the department to pass this information to the admissions
operation? The main argument against would be that of Fair Processing -
the data (some of it possibly sensitive) was collected for one purpose,
and is now to be used for a very different one, with the student not
having been approached about this (and, because the data is probably at
least partly sensitive, that means we need consent, which I doubt will
be forthcoming).

The main argument in favour would be that we have a broader duty to
protect other students, which means we have to use this data to inform
our decision about restart. This course of action places more weight on
our duty of care than on our observance of DP law - after all, X is not
a threat to HIMSELF, so we can't  use the "vital interests" argument.

Anyone want to comment on which of the two issues we'd be better off
being sued for? Or is there a way out of this mess?

Thanks


Andrew Okey
Administrative Officer
Student Registry
Lancaster University
[log in to unmask]
01524-592138 (internal ext: 92138)




^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    All archives of messages are stored permanently and are
     available to the world wide web community at large at
     http://www.jiscmail.ac.uk/lists/data-protection.html
    If you wish to leave this list please send the command
      leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list
owner
             [log in to unmask]
 Full help Desk - please email [log in to unmask] describing your
needs
       To receive these emails in HTML format send the command:
        SET data-protection HTML to [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    All archives of messages are stored permanently and are
     available to the world wide web community at large at
     http://www.jiscmail.ac.uk/lists/data-protection.html
    If you wish to leave this list please send the command
      leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list
owner
             [log in to unmask]
 Full help Desk - please email [log in to unmask] describing your
needs
       To receive these emails in HTML format send the command:
        SET data-protection HTML to [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    All archives of messages are stored permanently and are
     available to the world wide web community at large at
     http://www.jiscmail.ac.uk/lists/data-protection.html
    If you wish to leave this list please send the command
      leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
             [log in to unmask]
 Full help Desk - please email [log in to unmask] describing your needs
       To receive these emails in HTML format send the command:
        SET data-protection HTML to [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)