I'd like to suggest that the lessons of the discussion of the DPA are:
people responsible for sensitive data (such as that relating to health and
disability) should seek advice and back up for how they deal with this from
the person responsible for this in their organisation; individuals should
keep their wits about them and try to be informed about what they do but not
rely on hearsay; complex issues such as the interaction between different
bits of legislation should be dealt with through the establishment of proper
systems and policies.
Expertise is all very well, but some of this is too serious for ad hoc
responses. If your organisation hasn't got to grips with this area, complain
about it till they do! (Obviously if you are your organisation this will be
a bit different!)
Paul
|