Public Pastes
SHARE
TWEET

Universal Job Match adverse processing of personal data

a guest Jun 4th, 2015 534 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ----- Original message -----
  2. From: casework@ico.org.uk
  3. To: [redacted]
  4. Subject: Your DPA query about the DWP,MWS and UJM[Ref. RFA0580147]
  5. Date: Fri, 15 May 2015 [redacted]
  6.  
  7. 15 May 2015
  8.  
  9. *Case Reference Number RFA0580147*
  10.  
  11. Dear [redacted],
  12.  
  13. Thank you for your enquiry in relation to the role of the DWP in
  14. relation to information held by work programme (WP0 contractors,
  15. www.myworksearch.co.uk[1] and the Universal Job Match (UJM) system.
  16.  
  17. We want to know how organisations are doing when they are handling
  18. information rights issues. We also want to improve the way they deal
  19. with the personal information they are responsible for. Reporting your
  20. concerns to us will help us do that.
  21.  
  22. Our role is not to investigate or adjudicate on individual concerns but
  23. we will consider whether there is an opportunity to improve the practice
  24. of the organisations we regulate. We do this by taking an overview of
  25. all concerns that are raised about an organisation with a view to
  26. improving their compliance with the Data Protection Act 1998.
  27.  
  28. In broad terms, the DWP is data controller for the all the information
  29. processed by all WP contractors dealing with work programme participants
  30. (customers) on behalf of the DWP. This is because the WP contractors are
  31. only processing the customers’ information while performing functions of
  32. the DWP on the DWP’s instruction.
  33.  
  34. The most common occasion when information might be held by a WP
  35. contractor about DWP customers that is not within the data
  36. controllership of the DWP (and instead fall within the WP contractor’s
  37. own data controllership) is when professional standards type complaints
  38. are made by customers to the work programme contractor about the
  39. contractor’s staff. In such circumstances it is the WP contractor who
  40. would be data controller for the information processed in the course of
  41. its handling of the complaint made by the DWP customer about the
  42. contractor’s employee.
  43.  
  44. At this time we consider it reasonably clear that the DWP is data
  45. controller for the personal data held, and processed, by its contractors
  46. in the course of their normal functions – including MWS. Because it is
  47. considered within the reasonable expectations of the customers that the
  48. DWP is the data controller it is not essential for this to also be
  49. explicitly stated in the terms and conditions.
  50.  
  51. We do however appreciate your concern about this matter. We have
  52. therefore recorded your concern about this and will see if it is shared
  53. by other people.
  54.  
  55. You then ask about the DWP’s data controllership over information kept
  56. on UJM. I can advise you that the DWP is the data controller for the
  57. customer information kept on UJM. The DWP cannot however arbitrarily
  58. access and use the information that a customer keeps in their UJM
  59. account for considering the customer’s entitlement to benefits.
  60.  
  61. To use the customer’s UJM data for considering a customer’s entitlement
  62. to benefits the DWP needs the specific permission of the customer. This
  63. is because of the fair processing requirement of the first data
  64. protection principle.
  65.  
  66. While the DWP is already the data controller for the information, it
  67. would be considered ‘unfair’ for the UJM information to be used to
  68. consider the customer’s JSA (or similar benefit) claim without the prior
  69. permission of the customer being obtained by the DWP.
  70.  
  71. I hope that this information is helpful to you.
  72.  
  73. Yours sincerely,
  74. [redacted]
  75.  
  76.  
  77.  
  78. ____________________________________________________________________
  79.  
  80.  
  81.  
  82. The ICO's mission is to uphold information rights in the public
  83. interest, promoting openness by public bodies and data privacy for
  84. individuals.
  85.  
  86.  
  87. If you are not the intended recipient of this email (and any
  88. attachment), please inform the sender by return email and destroy all
  89. copies. Unauthorised access, use, disclosure, storage or copying is not
  90. permitted.
  91.  
  92. Communication by internet email is not secure as messages can be
  93. intercepted and read by someone else. Therefore we strongly advise you
  94. not to email any information, which if disclosed to unrelated third
  95. parties would be likely to cause you distress. If you have an enquiry of
  96. this nature please provide a postal address to allow us to communicate
  97. with you in a more secure way. If you want us to respond by email you
  98. must realise that there can be no guarantee of privacy.
  99.  
  100. Any email including its content may be monitored and used by the
  101. Information Commissioner's Office for reasons of security and for
  102. monitoring internal compliance with the office policy on staff use.
  103. Email monitoring or blocking software may also be used. Please be aware
  104. that you have a responsibility to ensure that any email you write or
  105. forward is within the bounds of the law.
  106.  
  107. The Information Commissioner's Office cannot guarantee that this message
  108. or any attachment is virus free or has not been intercepted and amended.
  109. You should perform your own virus checks.
  110.  
  111. __________________________________________________________________
  112.  
  113.  
  114. Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
  115. Cheshire, SK9 5AF
  116.  
  117. Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk
  118.  
  119. Published with permission from ICO
RAW Paste Data
Top