In a message dated 19/10/2000 17:39:50 GMT Daylight Time,
[log in to unmask] writes:
<< I don't think DPR1 Part B (from the 84 act) has changed. CAN ANYONE TELL
ME
IF IT HAS. It runs to 6 pages with 100s of tick boxes and text fields. I
can see no way of making this into a USEABLE electronic form. Of course it
can be made into an electronic (web) form, but it is so biiiig. Getting back
on paper ... you should really enter it in a database so you can create your
matrix of what data you hold and where you get them from and where you
disclose them.
I am mentally stuck in creating such a big electronic form, as I am afraid I
will get a lot of rubbish fed back. Any ideas welcome. My predecessor
worked with paper and clerical support, I have no support so paper is no good
to me. >>
-------------------------
The form has changed and it is much simpler.
However, I would advocate the following course of action for a data audit:
1) Devise a simple form (to be completed for each purpose/process) that your
staff and managers will understand, something on the lines of a straight
table with headings like:
Location (office number/block/building) e.g. Main Admin Office
Type of data held (Manual/Computer) e.g. Computer
Types of people whose data you hold e.g. Students
Information held about those people e.g. names, addresses, phone numbers,
......
Where does the info come from? e.g. the students themselves, schools, ....
Where does it go to (including other departments)? e.g. tutors, exam bodies,
.....
What do you use it for while you have it? e.g. emergency contact,
correspondence...
How long do you keep it for? e.g. 6 years after the student leaves
What security is there on the file/computer? e.g. passwords, audit trail,
.....
Is the information transferred overseas or put onto a web site? e.g. No
This way, you as informed DPOs will be able to transfer those plain language
answers into the categories you need for notification purposes, e.g. data
subjects, data classes, sources (not notifiable but you will need them to
respond to subject information notices), recipients, overseas transfers,
security outline.
Remind them in the covering letter to include computer files (at home as well
as at work if they are allowed to process work data at home), and manual
stuff in filing cabinets, desk drawer suspension files, card index systems,
filofaxes, notebooks.
Ian Buckland
MD
Keep IT Legal Ltd
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|