{"id":1608,"date":"2025-02-26T00:08:31","date_gmt":"2025-02-26T00:08:31","guid":{"rendered":"https:\/\/21percent.org\/?p=1608"},"modified":"2025-02-26T00:23:21","modified_gmt":"2025-02-26T00:23:21","slug":"keeping-the-secrets-safe","status":"publish","type":"post","link":"https:\/\/21percent.org\/?p=1608","title":{"rendered":"Keeping the Secrets Safe"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"804\" src=\"https:\/\/21percent.org\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-25-at-18.57.14-1024x804.png\" alt=\"\" class=\"wp-image-1629\" srcset=\"https:\/\/21percent.org\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-25-at-18.57.14-1024x804.png 1024w, https:\/\/21percent.org\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-25-at-18.57.14-300x235.png 300w, https:\/\/21percent.org\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-25-at-18.57.14-768x603.png 768w, https:\/\/21percent.org\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-25-at-18.57.14.png 1208w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>A Data Subject Access Request (DSAR) is a formal request made by an individual (the &#8220;data subject&#8221;) to an organization, asking to access the personal data the organization holds about them. This request is a key right under data protection laws.<\/p>\n\n\n\n<p>When a person makes a DSAR, any organization such as a University must provide the following:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Confirmation&nbsp;that personal data about the individual is being processed,<\/li>\n\n\n\n<li>Access&nbsp;to that personal data, usually in written or electronic format,<\/li>\n\n\n\n<li>Details&nbsp;about the processing, such as who it\u2019s been shared with.<\/li>\n<\/ol>\n\n\n\n<p>Organizations typically have&nbsp;30 days&nbsp;to respond to a DSAR, though this can be extended in certain situations. 
Most universities have a webpage telling staff how to make a DSAR. Cambridge University&#8217;s is <a href=\"https:\/\/www.information-compliance.admin.cam.ac.uk\/data-protection\/subject-access-request\" title=\"here\">here<\/a>.<\/p>\n\n\n\n<p>If information exists and the university fails to provide it after a DSAR, then this is a violation of General Data Protection Regulation (GDPR). <\/p>\n\n\n\n<p>Cambridge is very secretive. It is near the top of the universities ranked according to complaints to the Information Commissioner&#8217;s Office (ICO) for breaches of GDPR, as blogged <a href=\"https:\/\/21percent.org\/?p=843\" title=\"earlier\">earlier<\/a>. It is actually top of the universities for the most serious complaints of all, where the ICO takes action, noted <a href=\"https:\/\/21percent.org\/?p=955\" title=\"here\">here<\/a>. The university and its information officer (Dr James Knapton) have already been taken to court for failure to comply with GDPR and had to acknowledge fault.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8221; <em>Sued University of Cambridge and Dr James Knapton, Information Compliance Officer, for refusing to disclose an employee\u2019s personal data in breach of GDPR (General Data Protection Regulation) resulting in a pre-hearing settlement and the provision of previously withheld information.<\/em>&#8221; [<a href=\"https:\/\/www.cambridgelegal.co.uk\/profile\/\" title=\"Cambridge Legal\">Cambridge Legal<\/a>]<\/p>\n<\/blockquote>\n\n\n\n<p>This case is in the public domain as the University (unusually) failed to negotiate confidentiality terms as part of the settlement. 
There are other cases which can&#8217;t be mentioned.<\/p>\n\n\n\n<p>Right now, there is an ongoing investigation into someone very senior at Cambridge University.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.hist.cam.ac.uk\/people\/professor-tim-harper\" title=\"Prof Tim Harper\">Prof Tim Harper<\/a> (Head of the School of Arts and Humanities) was appointed as Responsible Person. As part of the investigation, he needed to get information regarding a meeting between <a href=\"https:\/\/www.damtp.cam.ac.uk\/person\/np100\" title=\"Professor Peake\">Prof Nigel Peake<\/a> (Head of the School of Physical Sciences) and others in Summer 2021. A letter about the meeting was sent from Prof Peake to Prof Harper.<\/p>\n\n\n\n<p>Prof Harper was then led into an error. He did not disclose the letter to the complainants. Failure to disclose evidence to all parties is a very serious matter. It has been at the heart of a number of great miscarriages of justice in the British judicial system.<\/p>\n\n\n\n<p>Subsequent DSARs to Prof Harper and Prof Peake also failed to disclose the letter. This compounded the original error by placing both Heads of School in violation of GDPR legislation. The letter was eventually provided after its existence was demonstrated by other evidence. A complaint has been made to the Information Commissioner&#8217;s Office about this withholding despite a DSAR. Such complaints are public information and accordingly we are free to divulge it here.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>My understanding is that the university and its information officer have already been taken to court for failure to comply with GDPR and had to acknowledge fault.&nbsp; Invariably the records they fail to release are those showing the actions of senior HR figures, so as to implicate naive professors as the source of all wrongdoing. 
As the cases of Professors Bullmore and Wagner show, they are more than happy to let us suffer the consequences as long as their own actions remain secret [Poster on &#8216;Prancing Butchers&#8217; thread <a href=\"https:\/\/21percent.org\/?p=1565#comment-921\" title=\"here\">here<\/a> ]<\/p>\n<\/blockquote>\n\n\n\n<p>Analogous to the examples given by the poster, it is Prof Harper who is carrying the can for the mistakes of others.<\/p>\n\n\n\n<p>Those acting as Responsible Persons in Cambridge HR investigations are very often not told the whole truth or are manipulated by access to partial information. Often, it is fair-minded and kind-hearted academics (like Prof Harper) who are seduced into acting as Responsible Persons by the argument that they are being public-spirited or that it is for the good of the university. This is not true. Instead, the role is dangerous and it is likely to backfire as you are often being manipulated by powerful actors behind the scenes.<\/p>\n\n\n\n<p><strong>We recommend that no &#8212; absolutely no &#8212; responsible academic ever participates as a Responsible Person in a Grievance procedure. This is needed to bring the system crashing down<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Data Subject Access Request (DSAR) is a formal request made by an individual (the &#8220;data subject&#8221;) to an organization, asking to access the personal data the organization holds about them. This request is a key right under data protection laws. 
When a person makes a DSAR, any organization such [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1608","post","type-post","status-publish","format-standard","hentry","category-blog"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/21percent.org\/index.php?rest_route=\/wp\/v2\/posts\/1608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/21percent.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/21percent.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/21percent.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/21percent.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1608"}],"version-history":[{"count":29,"href":"https:\/\/21percent.org\/index.php?rest_route=\/wp\/v2\/posts\/1608\/revisions"}],"predecessor-version":[{"id":1641,"href":"https:\/\/21percent.org\/index.php?rest_route=\/wp\/v2\/posts\/1608\/revisions\/1641"}],"wp:attachment":[{"href":"https:\/\/21percent.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/21percent.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/21percent.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}