We are already receiving requests from colleagues for
appropriate statements that they can use for the forthcoming
academic year as some are getting ready to have forms etc
printed.
How soon can we get examples from the Lancaster Project or
elsewhere in order that we can have a common sectoral approach
to this issue.
On Thu, 8 Feb 2001 10:12:44 +0000 Sally Justice
<[log in to unmask]> wrote:
> From: MX%"[log in to unmask]" "Okey, Andrew" 8-FEB-2001 10:03:55.97
> To: MX%"[log in to unmask]"
> CC:
> Subj: RE: Consent to Process Clause
>
> Return-Path: <[log in to unmask]>
> Received: from CSDAlpha2.sbu.ac.uk (136.148.1.111) by fire.sbu.ac.uk (MX
> V5.1-AX AnDn) with ESMTP for <[log in to unmask]>;
> Thu, 8 Feb 2001 10:03:54 +0000
> Received: from rebo.lancs.ac.uk (rebo.lancs.ac.uk [148.88.16.230]) by
> CSDAlpha2.sbu.ac.uk (8.11.0.Beta1/8.8.8) with ESMTP id f18AAGF21857
> for <[log in to unmask]>; Thu, 8 Feb 2001 10:10:16 GMT
> Received: from exchange-ims.lancs.ac.uk ([148.88.17.22]) by rebo.lancs.ac.uk
> with esmtp (Exim 3.16 #2) id 14Qnw1-0001ig-00 for
> [log in to unmask]; Thu, 08 Feb 2001 10:04:17 +0000
> Received: by exchange-ims.lancs.ac.uk with Internet Mail Service (5.5.2650.21)
> id <1M721SM7>; Thu, 8 Feb 2001 10:04:21 -0000
> Message-ID: <[log in to unmask]>
> From: "Okey, Andrew" <[log in to unmask]>
> To: "[log in to unmask]" <[log in to unmask]>
> Subject: RE: Consent to Process Clause
> Date: Thu, 8 Feb 2001 10:04:17 -0000
> X-Mailer: Internet Mail Service (5.5.2650.21)
>
> At our last meeting with the OPDC compliance people, we were advised that
> extensive/legalistic consent statements were undesirable because they often
> obscured what students really needed to know. Given that many data processes in
> an HEI are self-evident, any statement given to students should focus more
> properly on those things which a student might not be able deduce from their
> basic knowledge of how universities work (for example, the chances of an 18
> year old knowing who HESA are is very small, so disclosure to HESA should be
> mentioned specifically).
>
> I'm with Ian and Sally on this - the Coventry statement seems to obscure/avoid
> really crucial points because of its emphasis on extracting some kind of
> quasi-legally phrased blanket consent from the student. This seems especially
> problematic when it comes to consent for disclosures, which is particularly
> sweeping here (NB. intriguingly, Coventry say they will release to
> "sponsors......but not to relatives" - this is something the Lancaster DP
> project is scratching its head over at the moment, because providing a sensible
> definition of "sponsor" which avoids including relatives who pay fees has
> proved difficult, and will need careful thought).
>
> One aim of the Lancaster DP project is to provide a few examples (or maybe one
> ur-example that can be adapted to taste) of OPDC-approved consent/registration
> statements. If anyone else out there has a statement they are happy with, we'd
> welcome receiving a copy (email either myself or Mark Mukerji, the project
> Officer, at [log in to unmask]).
>
> Andrew Okey
> Lancaster DP project
>
> > -----Original Message-----
> > From: Sally Justice [SMTP:[log in to unmask]]
> > Sent: 08 February 2001 09:33
> > To: [log in to unmask]
> > Subject: Re: Consent to Process Clause
> >
> > Ian B of Keept it Legal said
> >
> > # >1) The Uni will not need consent for all the processing it does, so the
> > # >premise contained in the first two sentences is actually incorrect;
> >
> > Yes I agree with you
> >
> > I also think it's too long winded, who on earth would understand all that
> > at first glance? I think it's missing the point of fair collection notice
> > I certainly don't encourage staff to use blanket statements but to think
> > about the processing purposes etc and then use an appropriate form of
> > words. Things such as 'as regulated by DPA' are completely useless as far
> > I am concerned, don't you think so to? what does that mean to joe punter?
> > We have agreed a corporate form of words for student applications which says
> >
> > ..........................................
> > I am aware that :-
> >
> > the University will create and maintain computer and paper
> > records on me, both during my course and after I leave the University;
> > these records will be processed in compliance with the the Data
> > Protection Act 1998.
> >
> > I consent that the information in the records may be used for reports both
> > internally within the university and to external bodies including
> > information required for grant, loan and other bursary administration,
> > and references to employers and other organisations.
> >
> > any comments please?
> >
> > We also have a statement in the student handbook
> > for students who fail to pay their debts to the library/halls etc
> > which says we will pass data to our debt collection agency. they cannot
> > opt out of this!
> >
> > I also thought that processing of sensitive data needs express consent
> > from a data subject who is quite clear about the processing, not maybe or
> > perhaps etc?
> >
> > # >better to include a tick box at this point, rather than asking them to
> > # >contact someone else. Consent is always best obtained at the time of
> > # >collection;
> > Yes I agree but I have to say with 20K users and all student accounts
> > created automatically we cannot expect users to opt in to our on line
> > directory services as this is part of the service we offer as a
> > business as it where. It must be the other way round to opt out. I understand
> > this is acceptable to the ODPC
> >
> > # >4) Although it seems to be a comprehensive (and long) statement of intent
> > it
> > # >is rather lacking in substance and appears to give the Uni "carte blanche"
> > to
> > # >process data to their heart's content. In fact it doesn't but how many
> > # >students will realise that?
> > not a good idea I don't think, controllers won't even think about what
> > they are doing is have 'carte blanche' I am sure?
> >
> > Sally Justice
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > If you wish to leave this list please send the command
> > leave data-protection to [log in to unmask]
> > All user commands can be found at : -
> > www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> > all commands go to [log in to unmask] not the list please!
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
----------------------
Barry Kelly
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|