I prefer to start from the data subject. I don't have a suitable sample
form, but I usually ask:
* What sort of people do we have information about?
* What do we use it for?
* Where do we get it from?
* How is it stored?
One can then go on to ask the other questions, such as:
* What are data subjects told, or what is implied, about the use(s) the
data will be put to?
* Is any of the data sensitive?
* Do we need consent, and if so how do we get it and record it?
* Do we need to offer any opt-outs, and if so how is this done and
recorded?
* How long is the data held?
etc.
Any of the questions can be elaborated on; e.g. on storage you can ask
'which system holds the data?', 'what happens to the data capture forms?'
etc.
I find that this approach helps people to think through their whole
relationship with any given data subject, rather than looking at specific
systems, which may have information about a range of different data
subjects.
Paul Ticher
Information Management
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
----- Original Message -----
From: Brenda Scourfield <[log in to unmask]>
To: <[log in to unmask]>
Sent: 27 June 2001 15:45
Subject: Form to Identify All Processing
> Does anyone have an example of a form to distribute throughout an
> organisation (in this case, Local Authority) in order to identify all
> processing being carried out. I have drafted a rough copy but didn't want
> to reinvent the wheel. Also, there may be something I haven't realised
I've
> missed.
> I am trying to identify all software - purchased or in-house, the platform
> it runs on, manual records if any, and what data and type of data is held.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|