In a message dated 17/01/2002 13:23:31 GMT Standard Time,
[log in to unmask] writes:
<< My understanding is that the onus is on the data controller to be in a
position to locate where personal information is stored and to make it
available to data subjects on request. >>
----------
This is not strictly true. There is a need for all data controllers to
notify their automatic processing and to provide information on request to
anyone who wants to know what manual processing occurs. To meet this
requirement, many data controllers will have undertaken a data audit which
will tell them what information they have about what **category** of data
subjects, rather than the subject's identity.
Data subjects also have the right to know whether a data controller is
processing personal data about them. Again, "reasonable" detail from the
data subject can be required to assist locating the data. What is
"reasonable" will depend on the particular circumstances.
The Freedom of Information Act will require public bodies to know (and make
available) what information they have in greater detail. During their
preparations for this Act's application they will probably gain a better idea
of what data they have on whom.
In the meantime, data subjects could be given (particularly in large
organisations that tend to change their departmental structure on a regular
basis) a list of the processing that takes place with tick boxes for those
areas where they feel their data may be involved.
Ian Buckland
MD
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|