Sounds like the emails are actually not the personal
data of the data subject - they fail the Durant test since they are work
related and do not have the subject as their focus.
Perth and Kinross
I'd appreciate any thoughts from all you experienced folk
out there on this one.
Scenario is this. Data subject (staff) makes
subject access request. Emails to and from the data subject deal with 3rd
party disciplinary and grievance issues sent to data subject in the course of
work. Some of the stuff is sensitive data. Question is - should the
3rd party data be redacted out in responding to the SAR even though the data
subject has seen it and may even still have access to email copies?
I've taken the view that it is not appropriate or reasonable to leave
this type of 3rd party data unredacted in supplying copies under SAR even though
the data subject will have seen the material and indeed may have retained it
within a work context.
Is this the right approach to take in this
Grateful for any views on this.
All archives of messages are stored permanently and are available
to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the
email if you are receiving emails in HTML format):
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
(Please send all commands to [log in to unmask] not the list
or the moderators, and all requests for technical help to [log in to unmask], the general