Hi all,
I've posted about this to nasma and raws, so apologies for substantive cross-posting.
Our Student Advice Service is in the throes of revising our policy and would be interested in swapping notes with other people working in a similar context who've done this recently (in the light of current manual files losing transitional protection). I've got a draft (in RTF format) which individuals are welcome to ask for in exchange for yours. Please note that this document is *my* draft and not our service's policy.
Particular issues which are outstanding are:
Who's the Data Controller? As things stand, this would be the General Manager on behalf of the Union, but perhaps no-one would want a situation where he needs to audit our methods of case-recording etc. Is it acceptable to maintain the formal position that the SU has one data controller, or should we be looking at separate notification? Has anyone resolved this?
How do we observe the 7th Principle apart from locking things up and not letting outsiders look at our casefiles (apart from clients looking at their own)?
There's also the issue of making the policy complete without becoming so cumbersome that it's self-defeating in terms of serving as an effective means of letting (some) data subjects know what we're doing.
Thanks
Paul
Paul Hubert
Welfare Officer
Leeds Metropolitan University Students Union Student Advice Service
B Building
Leeds Metropolitan University
City Campus
Leeds LS1 3HE.
============================
Tel 0113 209 8408
E-mail: [log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|