I don't have any views on the specific questions Julie raises, but in
general, Sched 2, Part II article 2 (1) (a) seems to me to mean something
different from what she implies.
It says that you have to ensure that the Data Subject 'has' the information
or is provided with it, or has it made readily available 'so far as
practicable'. This is very far from a blanket requirement to issue a fair
collection notice.
If the Data Subject already knows what you are doing with their data, then
they 'have' the information, and it would certainly not be 'practicable' to
go back over old manual records just to check, as long as you are satisfied
that the people in the records do have the information, either because they
were told or because they could infer it from the circumstances at the time
and their history of transactions with you. There is also the option of
making it 'readily available' - i.e. making sure that people know where they
can find out what you do with their data.
So the only time you really have to go out of your way to issue a fair
collection notice is when you are doing something that is not already
obvious to the Data Subject. That's been my understanding for some time,
based in part on comments I have seen from the OIC.
Also, for this topic there is no specific difference between sensitive and
non-sensitive data. They would only have to be treated differently if you
felt that the particular nature of sensitive data meant that you needed to
take extra steps to inform the Data Subject in order to make your processing
'fair' overall.
I'd be interested if anyone seriously disagrees with this, as it's what I've
told several thousand people on my training courses.
Paul Ticher
Information Management
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: Julie Burcham <[log in to unmask]>
To: <[log in to unmask]>
Sent: 22 February 2001 15:25
Subject: Any Views
Under section Sch 1, 2(1) Fair Processing code data controllers are required
to issue, data subjects with a statement (fair collection notice) informing
them of details as set out in para 3.
Whilst I understand this requirement can anyone confirm the action to take
in the following circumstances to comply with the code:
a) manual personal data held within a relevant filing system and processed
prior to oct 1998? Do I need to issue an FCN to these data subjects?
b) automated personal data held and processed prior to oct 1998? Do I need
to issue an FCN to these data subjects?
c) manual personal data collected after Oct 1998 and still being processed?
Do I need to issue an FCN to these data subjects?
d) automated personal data collected after oct 1998 and still being
processed? Do I need to issue an FCN to these data subjects?
e) automated data collected after March 2000 and still being processed? Do
I need to issue an FCN to these data subjects?
f) manual data collected after march 2000 and still being processed? Do I
need to issue an FCN to these data subjects?
The personal data is a mixture of "data" and "sensitive data"?
--
Julie Burcham
Managing Consultant
-----------------------------
AMTEC Management Services is a division of
AMTEC Consulting plc, Excalibur House, 2 The Millennium Centre, Crosby Way,
Farnham, Surrey, GU9 7XX
Telephone 44(0)1252 737866
Fax 44(0)1252 737855
Email [log in to unmask]
Web Site www.amtec.co.uk
-----------------------------
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone
else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|