The fact that its someone else's disciplinary proceedings doesn't necessarily mean the person making the SAR may not have a legitimate interest in the information.

None of us, other than the original poster, know the facts of this case. This is what the OP wrote:

> Scenario is this.  Data subject (staff) makes subject access request.  Emails to and from the data subject deal with 3rd party disciplinary and grievance issues sent to data subject in the course of work.  Some of the stuff is sensitive data.  Question is - should the 3rd party data be redacted out in responding to the SAR even though the data subject has seen it and may even still have access to email copies?  

This is a member of staff who has sent and received emails in the course of his or her work relating to the events involved in the disciplinary.  To speculate: suppose the proceedings involve alleged bullying, and the member of staff making the SAR has witnessed key episodes and reported them? Or is alleged to have turned a blind eye to them?  An error in what is recorded about his involvement could mean that (a) his reputation will be unfairly damaged or (b) the disciplinary proceedings may reach an unjust conclusion and an innocent colleague is dismissed or a bully is wrongly cleared.

Disclosure may well be reasonable in the circumstances. Or if the facts are different, may not be. It depends on "the circumstances" and we don't know them.

Maurice Frankel
Campaign for Freedom of Information

On 7 Jun 2011, at 8:56, Andrew Goodfellow wrote:

> [...]

> Re: the 7(4) - 7(6) points, given that we're talking about someone else's disciplinary(?) I think you'd struggle to justify that release was reasonable in all the circumstances in this instance.

     All archives of messages are stored permanently and are
      available to the world wide web community at large at
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)