***** THIS EMAIL WAS SENT VIA THE INTERNET *****
I use a system which is probably out of date now as it was for registration purposes but still useful for compiling a list of databases within the council. I send out a list to the Data Protection Liaison Officer (all portfolios) and ask if any changes to ownership of systems, systems no longer in use, any new ones etc. and this appears to work reasonably well and saying that I am just about to do that job..........
D
-----Original Message-----
From: Les Kingstone [SMTP:[log in to unmask]]
Sent: 17 August 2004 13:39
To: [log in to unmask]
Subject: Re: Privacy Policy Changes
***** THIS EMAIL WAS RECEIVED FROM THE INTERNET *****
Nasty one Ian!
>When reviewing published privacy policies, do those responsible for DP
>within organisations match any changes back to any
>notifications/CoP/principles/data subjects?
We (okay I) used to do an Inventory exercise every year where all
departments were interviewed and a questionnaire completed. This would
inform us what personal information we had in the organisation. This was a
fun time of the year, where I needed to chat to 250+ departments!
In a fit of enthusiasm, I would summarise the information into our business
units and compare with our notifications. The notifications would then be
changed or renewed with no changes.
At the same time I would review the practices and ensure that they comply
with what our friends at the ICO (do you ever think of the old OIC! Those
were the days, when men were men ...) recommend.
This has changed to business as usual (what the heck does that mean?).
Where our learned folk in the business will chat to me if there are any
changes in their system. That is not working well, with so many people
rating this as slightly lower on their priority list as a kick in the
head! (New Years Resolution Time - I really must get back into Martial
Arts!)
>If proposed changes to a privacy policy would affect data already
collected,
>is reliance placed upon Schedule 1, Part 2, 2(1)(b) with the onus on the
>data subject to notice the policy changes, or are other means used?
>
>What criteria are used to determine the most appropriate route to take?
>
>What ethical considerations impinge on any deliberations?
In reality, our business does not change that much, especially with our
current contracts (insurance). Major changes are reflected in brand new
shiny consent wording, lots of excitment and long hours and an added
complication to tracking who has consented to their data in what way.
Privacy Policy's go down the same sort of route,
Les
AEGON UK
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
********************************************************************
* This email is privileged, confidential and subject to copyright. *
* Any unauthorised use or disclosure of its content is prohibited. *
* The views expressed in this communication may not necessarily *
* be the views held by Scottish Borders Council. *
********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|