If you are my customer I have a formal contract with you and my Ts&Cs are
clear, written and in your files and my files. If you log into my website
to create your data record (or I have your data in other ways with your
permission) then you have a reasonable expectation that my current privacy
policy will not alter adversely. I doubt it has been case law tested, but I
think it is currently incumbent on you to print off any page that you will
wish to refer to at a later date for legal remedy, or to ask me for the then
current version.
Your thought train is prompting me to think about a note to that effect on
our own site, but, on balance, I feel this is overkill.
If I alter a privacy policy to your detriment then other things happen,
though.
For example, tomorrow I decide that all Marketing Improvement [MI] data will
be transferred to "Tim Trent Trading" [TTT]. I alter the privacy policy to
that effect, and make the transfer.
Different things now come into play. The most provable, and thoroughly to
the detriment of TTT is that TTT has obtained your data unfairly and will
process it unfairly. Why provable? Because you have no prior relationship
with TTT and had no expectation of a relationship with TTT. You complain to
TICO and TTT gets a letter saying "What are you doing". TTT, were is not me
in disguise, would immediately create havoc with MI as supplier of data, and
would ensure that TICO knew of MI's role.
Of course, since TTT is a clandestine operation it would deny the link with
MI, but would be unable to prove it had the data legally. TICO would then
consider enforcement action against TTT.
Of course we would all have died by then.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Duncan Smith
Sent: Tuesday, July 20, 2004 11:44 AM
To: [log in to unmask]
Subject: Re: [data-protection] Privacy Policy changes
Tim,
Surely this represents a cavernous legal loophole.
1) Any business may alter its terms of trading, which must surely include
its privacy policy, at any time, and with whatever notice it deems
appropriate
The law (and our esteemed Regulator) educates data subjects about their
rights, cajoles them into reading interminable privacy polices,
congratulates them on making 'informed decisions' at the time their data is
obtained but then allows the absolute erosion of those rights by not
requiring 'informed consent' beyond the initial point of obtaining.
This is clearly not about what is right and wrong - that's obvious to most I
hope - but perhaps another example of failure to 'join up' the legislation.
Regards,
Duncan S Smith
Managing Director
iCompli Limited Northampton UK
T: 08707 70 48 66 F: 08707 70 48 69 M: 07775 56 81 80
Mailto:[log in to unmask] Web: www.icompli.co.uk
"Compliance in your language"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|