one know which legal basis we should rely on to send special category data to insurers? The only relevant one I can see is Article 9(1)(g) GDPR and Schedule 1, part 2 section 20 DPA 18; however I am not entirely sure what sub-paragraph 2 of section 20 is saying!
Hypothetical scenarios:
1. University insurers provide cover to staff and students for overseas trips, placements, etc. If we need to make a claim under our policy in respect of a traveller and we need to send special category data to our insurers so the claim is paid out, and the student or staff member refuses consent (whether consent is requested by us or is proactively refused by the individual), can we rely on Sch. 1 (20) DPA 18 to disclose?
2. University insurers also cover financial settlements we may want make in respect of complaints, for example. To confirm that they will cover a proposed settlement, they want to see the complaint case file and our findings, to see if we have reached a reasonable conclusion which warrants a payout that they are expected to cover under our policy. The case files contain special category data. Can we rely on Sch. 1 (20) DPA to disclose? If not, I presume info could be provided in a redacted form, as long as it didn’t render it meaningless. If it did render it meaningless, redaction would not be an option.
In both scenarios, if the Sch. 1 condition doesn’t apply, does this mean we (and all other organisations who have these kinds of issues) are in a position where it is either freely given consent, or we do not get reimbursed under our policy (or choose not to provide cover, which I don’t think would be an option)?
Thoughts appreciated!
Thanks,
Claire
Claire Miller
Information Governance Manager
Legal Services
University of Central Lancashire
[University of Central Lancashire 1828 - 2018]
Please consider the environment before printing
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
