Ian B of Keept it Legal said
# >1) The Uni will not need consent for all the processing it does, so the
# >premise contained in the first two sentences is actually incorrect;
Yes I agree with you
I also think it's too long winded, who on earth would understand all that
at first glance? I think it's missing the point of fair collection notice
I certainly don't encourage staff to use blanket statements but to think
about the processing purposes etc and then use an appropriate form of
words. Things such as 'as regulated by DPA' are completely useless as far
I am concerned, don't you think so to? what does that mean to joe punter?
We have agreed a corporate form of words for student applications which says
..........................................
I am aware that :-
the University will create and maintain computer and paper
records on me, both during my course and after I leave the University;
these records will be processed in compliance with the the Data
Protection Act 1998.
I consent that the information in the records may be used for reports both
internally within the university and to external bodies including
information required for grant, loan and other bursary administration,
and references to employers and other organisations.
any comments please?
We also have a statement in the student handbook
for students who fail to pay their debts to the library/halls etc
which says we will pass data to our debt collection agency. they cannot
opt out of this!
I also thought that processing of sensitive data needs express consent
from a data subject who is quite clear about the processing, not maybe or
perhaps etc?
# >better to include a tick box at this point, rather than asking them to
# >contact someone else. Consent is always best obtained at the time of
# >collection;
Yes I agree but I have to say with 20K users and all student accounts
created automatically we cannot expect users to opt in to our on line
directory services as this is part of the service we offer as a
business as it where. It must be the other way round to opt out. I understand
this is acceptable to the ODPC
# >4) Although it seems to be a comprehensive (and long) statement of intent it
# >is rather lacking in substance and appears to give the Uni "carte blanche" to
# >process data to their heart's content. In fact it doesn't but how many
# >students will realise that?
not a good idea I don't think, controllers won't even think about what
they are doing is have 'carte blanche' I am sure?
Sally Justice
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|