In a message dated 07/02/2001 09:59:12 GMT Standard Time,
[log in to unmask] gave us Coventry's Consent Clause:
<< Data Protection Act 1998: Consent to process Information
I understand that the University collects information about all its
students for various administrative, academic, and health and safety
reasons. Because of the Data Protection Act 1998 I understand that the
University requires my consent before it can do this, since it cannot
operate the institution effectively without processing information about
me. I therefore agree to the University processing personal data
contained in my enrolment form, UCAS form or other data which the
University may obtain from me or other people, whilst I am a student, an
applicant, or a former student. I agree to the processing of such data
for any purposes connected with my studies or my health and safety
whilst on the premises or for any other legitimate reason. In
particular, I accept the University's policy of releasing personal
information to authorised bodies such as sponsors, government agencies,
and present/potential employers, but not to relatives or friends. I also
agree to the release of my results to my former school/college. I accept
the University's practice of displaying names on pass lists. I note that
the only data held on me which constitutes "sensitive data" as defined
in the above Act comprises my ethnic group and the disability
classification which I supplied to the University.
I understand that by registering for the use of University IT facilities
I will be issued with an email address. I agree to the publication of
this email address on the University's web site and understand that the
address will be available world-wide, including in countries where the
rights of data subjects are not protected by law. I understand that I
may opt to have my address withheld by contacting the Webmaster in the
Computing Services Department at the University. >>
----------------
A few minor points:
1) The Uni will not need consent for all the processing it does, so the
premise contained in the first two sentences is actually incorrect;
2) Because the statements about other sources and other purposes are so
woolly it is unlikely to qualify as explicit consent (required for the
sensitive data - which incidentally may not be restricted to the categories
listed, what about sickness records, allergies, religious beliefs, trade
union membership for union-sponsored students, offences, etc?);
3) If the e-mail addresses are ones that identify the individual, it may be
better to include a tick box at this point, rather than asking them to
contact someone else. Consent is always best obtained at the time of
collection;
4) Although it seems to be a comprehensive (and long) statement of intent it
is rather lacking in substance and appears to give the Uni "carte blanche" to
process data to their heart's content. In fact it doesn't but how many
students will realise that?
Ian B
MD
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|