** Reply to note from Babis <[log in to unmask]> Tue, 25 Jun 2002 12:51:13 +0100
Hi Babis
A couple of questions and see if I can be of any help.
Are you a DPO for UMIST? Are you a DP representative for your unit? Or is your
interest academic, because you working in a Centre for Research in Information
Management?
I am currently in the process of building a web form for our internal
notification. I imitate (if not copy exactly) what the IOC has on line. Give me
your IP address and I can open it for you to have a look. It may or may not help
you though.
> I would like to ask for some practical tips regarding notification.
>
> I have used the on-line notification system in the IC web site. It seems
> a straightforward process and when it is completed, you can print it and
> also you can save it as a file.
I did it 10-20 times until I grasped it.
>
> What I am concerned about is the fact that the information that I use is
> not easy to understand. I don't have definitions of the purposes so I
> don't know what they mean in English.
There are explanations somewhere ... I got them copied and use them on line
> There are no sample data for the
> data classes so I don't understand what kinds of personal data they deal
> with.
Any personal data ... as defined by the Act blah blah ... are your missing
sample data. Eg. a name, address and so on. I agree not all classes make sense to
me either.
>
> Also, I would prefer to have some software that will help me more with
> the notification process and any modifications that I would like to do.
> I would like to be able to jointly define our data protection
> registration with other members of my organisation and I would like to
> know who defines what. I would also like to have some way to publish
> this record on our web site and I would like to have some audit trail
> facilities to link the dp record with actual data.
Aha. We are supposed to carry out audits which will let us know what data are
processed, why and to whom they are disclosed. Software won't do the
audit for you and even if you had software (that is what I am trying to do),
staff will not necessarily understand what they are supposed to tick. It will
need hand holding.
Assuming an audit is made you will end up with a two-dimensional matrix.
If all your staff told you once for each purpose:
(a) the purpose for which they process data;
(b) who are their data subjects;
(c) what personal data they process;
(d) who are the recipients of the data;
You'll get a record like
PurposeCode|SubjectCode-1|SubjectCode-2|SubjectCode-N|DataCode-1|DataCode-2|DataCode-N|
Get as many records as each member of staff has purposes for processing, stick it
all in a database ... you get the idea.
Of course it would be better to get collective returns based on what
are identifiable units within your organisation, eg. Admissions Office, or
Department of Computer Science and so on. But this goes back to what is your
role in DP. (UMIST may only make one collective return. Who does it?)
--------
I publish our Notification on our website (although I might have broken a few
things now as I use the same program to serve it as I use for our internal
notification).
http://www.somis.dundee.ac.uk/dataprotect/notification.html (see: From SOMiS)
There is no program to publish it for you. If you collect your data in a
structured manner ie. in a database type application ... then the database may
allow you to publish them direct or export them to HTML and so on.
>
> What do you think? Are my requirements excessive?
No. But in a free market economy there probably isn't the demand for anyone to
develop an application and make money out of it.
>
> What do think of the on-line notification system in the IC web site?
It is incorrenctly described as online notification as the notification still has
to be sent in via paper etc. Its better description would be ... it is software
to try and help you organise your notification... Took many tries to understand
it.
>
> Babis
if it helps
Charles
PS. I just realised I missed in the matrix above DATA_RECEIPIENTS classes which
I also missed from my program and so on. Bug No:1 and have not even finished
yet.
==============================================
Charles Christacopoulos, Data Protection & Management Information Officer,
Planning & Information, University of Dundee, Dundee, DD1 4HN, Scotland,
United Kingdom.
Tel: 44(0)1382-344891. Fax: 44(0)1382-201604.
http://www.somis.dundee.ac.uk/ http://somis2.ais.dundee.ac.uk/
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|