I also agree with comments. As a local authority person, I was trying to
get an audit policy to be put in place (I got a policy of sorts but the word
"audit" was excluded) as this would have committed a vast amount of funds.
It is very hard to get authorities to put every effort behind this
especially when you have things like Modernising Govt., e-procurement,
Single Status...to mention a few. I have found though only through my first
ever Subject Access Request just before Xmas that individual Departments
have now started thinking Data Protection as it took a lot of time and
effort to get the required documentation and they have realised with manual
records coming into their own in October that they will have to get their
files in order. I have now received another one....so hopefully, the
message will get across.
I am one of the fortunate ones and am hoping to do the DP Diploma this year.
Doreen Broom
Data Administrator
Scottish Borders Council
Council HQ
Newtown St.Boswells
Melrose
Borders TD6 0SA
Tel: 01835 824000
> -----Original Message-----
> From: Dave Wyatt [SMTP:[log in to unmask]]
> Sent: 25 January 2001 00:33
> To: [log in to unmask]
> Subject: Re: University fund-raising
>
> Andrew:
> I concur with your comments 'others do, so why cant we?'. Whenever I
> challenge this statement evidence supporting the argument appears to go
> missing ;-).
> How many DPA advisors have not heard that one? A problem DPA advisors
> have
> within organisations is that they can be ignored unless supported by
> management authority so are forced down a bureaucratic sign off route just
> to show evidence of advice given. We can attempt to show our
> professionalism
> and give credibility to the role of a DPA consultant / advisor by getting
> qualified, unfortunately due to cost most employed in this area need their
> employers sponsorship.
>
> David Wyatt
> DP Manager major multi-national Insurer
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]]On Behalf Of
> [log in to unmask]
> Sent: 24 January 2001 15:43
> To: [log in to unmask]
> Subject: Re: University fund-raising
>
> Jane,
>
> As an ex-erstwhile student of your employer's predecessor, as well as a
> DPO,
> I think you are totally correct in stating that information gathered for
> emergency contact purposes and general student administration may not be
> used for fund raising from parents.
>
> If you have identified marketing to the student as a purpose, that does
> not
> include marketing or fund raising from the parent.
>
> I suffer a lot from "but so and so does it this way, so why can't we"
> arguments. This assumes that they have it right, I do wonder with some
> organisations. I think the only answer here is to ask them to sign off
> against a memorandum where you explain the law and ask them to take full
> responsibility for not following your professional advice. Very few people
> will sign up to deliberately processing data beyond what they have
> notified
> the Commissioner or the data subject once they understand the impact this
> could have on them.
>
> As I am still in personal contact with some other Plymouth alumni I will
> discover if you win!
>
> Andrew
>
> Andrew Fogden
> Global IT Security & Data Protection Officer
> The British Council
> London
>
> +44 (0) 20 7389 4148
________________________________________________________________
This e-mail is privileged, confidential and subject to copyright.
Any unauthorised use or disclosure of its contents is prohibited.
The views expressed in this communication may not necessarily
be the views held by the Scottish Borders Council.
_________________________________________________________________
|