In message <001301c48088$b187a160$3d3468d5@com>, at 17:23:19 on Thu, 12
Aug 2004, Ian Welton writes
>> I don't know what standards apply to that sort of audit trail.
>>
>> Is there a requirement for a similar audit trail every time an
>> "internal" enquiry is made from the database?
>
>1. I would have thought sufficient standards as would be necessary to
>adequately protect the integrity of the data for the purpose(s), and manner,
>in which that data is held. Surely anything less would be in breach of
>principle seven.
>
>2. How would you confirm the data is only utilised for the purpose it was
>collected for if there are no audit trails of the enquiries made against it?

But for how long after the data has been accessed do you need to keep
the precise details of the transaction? If you keep every transaction
the database does, for 7 years, that's a lot of data! Doesn't there come
a point where you can say "everything that happened more than 'x' time
ago was above board, but we haven't got chapter and verse"?
--
Roland Perry