I always ask for ID. Then again, how do you know it isn't stolen ??? I
suppose there has to be some level of trust, surely !?!? As long as you
have some means of checking the person's identity then at least this shows
you are making a 'reasonable' attempt to avoid disclosing to an imposter !
[log in to unmask]@JISCMAIL.AC.UK> on 31/01/2001 15:35:22
Please respond to [log in to unmask]
Sent by: This list is for those interested in Data Protection issues
<[log in to unmask]>
To: [log in to unmask]
cc: (bcc: Matthew Nunn/Registry/Southampton Institute)
Subject: Re: 40 days or not 40 days that is t
** Reply to note from Mitchell Alex <[log in to unmask]>
Wed, 31 Jan 2001 15:24:30 -0000
> ODPC guidance is:
> A Data Controller must comply with a subject access request promptly and
in
> any event within 40 days of receipt of the request or, IF LATER, within
40
> days of receipt of:-
>
> 1. the information required to check the identity of the person making
the
> request and to locate the information requested AND
>
> 2. the fee
I would go with the above and if there are delays I would not cash the
cheque.
Now if you really want to make it difficult for the person asking, how do
they prove they are the same person as the one for whom they are asking
information.
Charles
==============================================
Charles Christacopoulos, Secretary's Office, University of Dundee,
Dundee DD1 4HN, Scotland, United Kingdom.
Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
http://somis.ais.dundee.ac.uk/
Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
|