Hi,
One of our depts is running a national database which is populated with
health and other stats for patients. The records are received on electronic
and paper format. Although the data are anonumised they constitute personal
data (sensitive 'n all) as the controllers could come accross other
information that would help them identify living persons.
The dept. double checks that the electronic versions match the paper records
and then holds on to the paper version (as proof of what is in the database)
for a while. Is there any external (legal) reason to want to hold the paper
records for a specified period of time, or is it an internal matter. They
would like to destroy the records 18 months after they receive them.
I say they can do what they like, ie. destroy at 18 months, but have a policy
that says that is what they do.
Am I missing something?
Thanks
Charles
==============================================
Charles Christacopoulos, Secretary's Office, University of Dundee,
Dundee DD1 4HN, Scotland, United Kingdom.
Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
http://www.somis.dundee.ac.uk/
Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|