Sounds like a good idea, Dor, considering a case reported in one of the IC's
annual reports which goes:
"Unfair Processing & Using Live Data for Demonstration Purpose
A data controller was setting up procedures for in-house training of its
customer-facing staff and needed to find an example upon which to base their new
procedures. The example used was of an existing member of staff who had
occasion to use the company's facilities as a customer. The staff member was
unaware that this had taken place, and only realised what had happened when other
employees began referring to his experience. The data subject requested an
assessment. The ICO assessed that the data controller was unlikely to have
complied with the Act and recommended appropriate changes to the procedures
involved. The data controller removed the individual's data and replaced it with a
theoretical example not linked to any actual person. They also put in place
procedures to safeguard future use of real-world data in their training."
I can imagine what a person would think if the data was not just about a cust
omer complaint but included sensitive data usually found on benefits files!
Ian B
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information given above does not replace or negate the need
for proper legal advice and/or representation. It is essential that you do not
rely upon any advice given without contacting your solicitor. If you need
further explanation of any points raised please contact Keep I.T. Legal Ltd at
the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
--------
In a message dated 23/11/04 11:56:54 GMT Standard Time,
[log in to unmask] writes:
> No, the Council employees (the people who are doing the training) are the
> ones putting the information into the system. I have basically advised they
> can use scenarios but anonymise the personal data. An external verifier also
> wishes to come in to the Council to verify the information by
> cross-referencing the "real" data with a Unique ID....so it does get worse and there are
> also sub-contractors etc. Anyway, I have suggested that they photocopy "real"
> cases and take out the details which would identify an individual and
> substitute with the anonymised data used on the web.
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|