Dear Charles,
I am referring specifically to the actual practice of an institution
being the same as their stated practice as recorded in their Data
Protection Register entry.
Data processing can only be carried out in line with the registered
purposes (1984 Act and transitional period) and even if an exempt-from-
notification purpose under the 1998 Act, the Principles must still be
adhered to (after 24th Oct 2001 at the latest for Web-based data).
The register entry must include a statement about overseas transfers
and disclosures for each registered purpose.
My UK university survey was carried out before the 1998 Act came
into force and revealed that c.62% of Universities were disclosing
personal data on their Web sites contrary to the declared disclosures
in their Register entries. Even with consent, a register entry must
state correct facts regarding the disclosure/transfer of personal data,
which for Web-based stuff is 'worldwide'. Under the 1998 Act this is
prohibited by the 8th Principle, which is why obtaining informed
consent becomes so important, as this is one of the conditions
allowing disclosure beyond the EEA.
I hope that makes it clearer.
If I have misunderstood the point you are questioning, please try again!
Best wishes,
Adrian
At 11:50 02/05/00 +0000, you wrote:
>** Reply to note from Adrian Tribe <[log in to unmask]> Tue, 02 May 2000
>08:03:22 +0100
>
>
> > Research that I have just carried out for a conference paper I'm
> > presenting tomorrow shows that out of all the local authority Web sites
> > in one County in England, 69% are not complying with the requirements
> > of the DPA on the issue of Web disclosure of personal data. A similar
> > survey of UK university Web sites that I did last year gave a figure of
> > 62% for non-compliance in that sector
>
>Adrian, in case it helps with tomorrow's presentation. How do you come to
>the figures. On all material published on the web - I am thinking for our
>institution - there is no indication of it being legal or illegal (of
>course it is legal B->] ).
>
>In no site is there a statement saying what is/is not legal. Are you,
>therefore making an assumption that disclosure of certain details breaks the
>law? Who is to say, how can we tell, that individual staff or students
>(whose personnal details are published) have not given explicit
>consent?
>
>Regards
>Charles
>
>==============================================
>Charles Christacopoulos, Secretary's Office, University of Dundee,
>Dundee DD1 4HN, (Scotland) United Kingdom.
>Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
>http://somis.ais.dundee.ac.uk/
>Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
Adrian Tribe <[log in to unmask]>
Web Editor, Birkbeck College, University of London
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|