In a message dated 19/02/04 10:57:27 GMT Standard Time,
[log in to unmask] writes:
> Help....I believe we should not be using live data in a test
> system...........can anyone point me to the relevant piece of DP legislation
> and why?
----------
Try P1 - unfair to the data subject, P2 - incompatible with the original
purpose, P7 - disclosed to individuals who may not normally have access to it for
their duties.
Extract from an IC Annual report:
"Unfair Processing & Using Live Data for Demonstration Purpose (P1, P2)
A data controller was setting up procedures for in-house training of its
customer-facing staff and needed to find an example upon which to base their new
procedures. The example used was of an existing member of staff who had
occasion to use the company's facilities as a customer. The staff member was
unaware that this had taken place, and only realised what had happened when other
employees began referring to his experience. The data subject requested an
assessment. The ICO assessed that the data controller was unlikely to have comp
lied with the Act and recommended appropriate changes to the procedures
involved. The data controller removed the individual's data and replaced it with a
theoretical example not linked to any actual person. They also put in place
procedures to safeguard future use of real-world data in their training."
I also remember a case involving the AA (presumably Automobile Association)
who required potential recruits to use the live system to test their inputting
skills. One person amended the record of a certain Mr Blair (not Lionel, the
other one) and put an "aka" after the surname. It was spotted just as
correspondence was being sent out.
Ian B
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information given above does not replace or negate the need
for proper legal advice and/or representation. It is essential that you do not
rely upon any advice given without contacting your solicitor. If you need
further explanation of any points raised please contact Keep I.T. Legal Ltd at
the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|