Dear All,
--On 12 February 2003 13:15 +0000 Ian Welton <[log in to unmask]> wrote:
> It would be necessary for significant changes to be made to the DPA 1998
> if notification were to be successfully removed.
This is correct, but the Commission's review of the Directive included
asking whether the Directive should be amended or even replaced - this
would allow for removal of notification - however, this seems highly
unlikely to happen.
> The general costs of notification are far cheaper than many other
> alternatives. Alternative costs are frequently not considered when
> debates about notification occur.
What are the alternatives (and their potential costs)? I guess periodic
compulsory audits might fall under that heading - and they would be more
costly - although they might fit more effectively into the avarge medium to
large company's auditing schedule - is that the kind of alternative you
mean? I think you're probably right that those wanting notification
abolished often don't envisage it being replaced by some other mechanism,
and as others have pointed out, notification does serve some useful
purposes.
> Going back to the Lindop Report (1978) Paragraph 4.38 stated:-
>
> "A registration requirement is provided in the statutes of Sweden, West
> Germany, Canada, France, Belgium, Austria, Norway, Luxembourg and Denmark
> (in some cases the requirement is restricted to the public or private
> sectors or to users of automatic data processing). It is significant that
> even the US Privacy Act requires federal agencies to publish their record
> systems in the Federal Register, despite its generally different approach
> in most other respects. Furthermore, the Hessian Data Protection
> Commissioner emphasised in his oral evidence to us that the absence of a
> specific registration requirement in the 1970 Hesse Act had hampered his
> office in its work, and we note that such a requirement has now been
> included in the new legislation (section 25) which this year replaced
> that Act."
>
> so I am unsure where the issue of registration spreading out from the UK
> act came from.
In my case, from OIC representatives, with regard to the specific nature of
registration adopted in the Directive, but I'm willing to be persuaded
otherwise - perhaps, on the basis of the quote (suggesting the registration
was partial in some cases) the UK provided the concept of registration
across the board for both private and public sectors - I'm pretty sure that
both Canada (until recently) and the US only applied such a system to the
public sector - I can't say for the others.
Best wishes
Andrew
Andrew Charlesworth
Senior Research Fellow in IT and Law
Director, Centre for IT and Law
School of Law/Department of Computer Science
University of Bristol
Wills Memorial Building
Queens Road, Bristol BS8 1RJ
Tel: 0117 954 5355 (Law), 0117 954 5633 (CompSci)
Fax: 0117 925 1870 (Law), 0117 954 5208 (CompSci)
E-mail: [log in to unmask]
[log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|