The only response received has been from Paul Hubert.
Response:
I'm not clear what information library staff might be giving out which could be
expected to cause a problem. I suppose if someone presents themself with a
ticket and says 'Can you tell me what I've got out on my ticket, as I've
forgotten?', it could cause a problem if the person was really a member of the
member's family and the answer was revealing - e.g. 6 books on do-it-yourself
divorce or poisoning with everyday plants. If the person was asking for
identity-related information, shouldn't staff take precautions anyway? e.g.
punter says 'I've moved house and I've forgotten whether I've notified you of my
change of address. Can you tell me what address you've got on record for me?',
wouldn't staff ask what was the old address and what's the new before checking
the record and then ask them to fill in a card and sign it, so as to
cross-check? I think that's what happened when I changed my address in my local
library a few years ago (before DPA 98).
Jody
-----Original Message-----
From: Jane Bex <[log in to unmask]> at Internet
Sent: 09 April 2001 11:15
To: Jody Bhoot
Subject: RE: FW: DP training for libraries
Dear Jody
Please would you summarise any replies you get to this enquiry and send it (the
summary that is) to the list? I would be very interested in any responses you
get.
Thanks
Jane
________________________________________________________________________
Jane Bex, Liaison Officer, Monitoring and Advisory Unit (MAU), Templeman
Library,
University of Kent, Canterbury, Kent CT2 7NU
Tel: 01227 827742 Fax: 01227 823984 URL: http://www.mau.ac.uk/ Email:
[log in to unmask]
[log in to unmask] wrote:
> -----Original Message-----
> From: Jody Bhoot
> Sent: 04 April 2001 11:19
> To: DATA PROTECTION GROUP (E-mail)
> Subject: DP training for libraries
> Importance: High
>
> Has anyone given any dp training for library staff. If so, how have you
> approached the following questions:-
>
> 1. Who is responsible for the information that they give out?
>
> 2. How far can they go in giving out information at the counter, to
someone
> standing in front of them. i.e. If someone comes in with their friends
> ticket?
>
> 3. How do we know who is standing in front of us, and where do we stand if
> information is given out by accident to the wrong person - due to not
being
> able to identify them.
>
> 4. Is there any protection for staff?
>
> My general response to the questions has been:
>
> 1. Staff handling personal information as part of their job needs to be
> aware of their responsibilities under the DPA 1998 and employee will
> personally liable for breaches of the Act, if they disregard any instructions
> given on the proper handling of personal information.
>
> 2. Staff should only disclose personal information to the ticket holder
> unless a permission has been granted to a third party by the ticker
holder.
> This is the standard approach employed by banking institutions in disclosing
> personal information to third parties.
>
> 3. Proof of identification is the ticket presented by at the counter. To
> take this step to the extreme I recommend adding a photo of the ticker
> holder, similar to the new driving licence . A defence for staff accidentally
> give out information in error is if they have demonstrated all reasonable
> care was taken in the proper handling of personal information.
>
> 4. Protection for staff is to follow the council policies and not to
> disregard any instructions given in the proper handling of personal
> information.
>
> Please let me know how you have responded or are likely to respond to the
> following questions.
>
> Regards,
>
> Jody
>
> _______________________________________________________________________
> The contents of this message do not necessarily represent the
> opinions, views, policy or procedures of Leicestershire County Council.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_______________________________________________________________________
The contents of this message do not necessarily represent the
opinions, views, policy or procedures of Leicestershire County Council.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|