On Fri, Jan 16, 2004 at 01:41:33PM -0000, Ingrid Wilson wrote:
> Surely, as DP practitioners, our reason for being is to work within
> the spirit of the legislation. Certainly we need to balance this with
> the organisation's interests, however shouldn't it be part of our role
> to argue why the organisation should take a more permissive view than
> Durant about what the person should receive?
Unfortunately my experience over the past 12 months has been the
opposite.
The majority of private sector companies from whom I have made an SAR
seem to see Data Protection as a hassle, and are keen to provide as
little information as possible.
I was not particularly surprised by the response from companies like
Amazon, but I was hugely surprised by BT. Although I have been a BT
customer for many years, have had services from them that are not exactly
mainstream (I used to be on the list to receive the full BT price list
in the days when it was supplied on paper, took two large lever-arch
files to hold, and had 100+ page updates every couple of weeks), use
their on-line services etc., their response to my SAR took 3 months,
at which point they produced *two sheets* of A4 paper as my data,
consisting solely of billing records since March 2002, filled
with wonderfully arcane abbreviations such as XDNC, EXCH, NIAMG03,
ANIMXM86, LCJKC02, DIN, OCBD, ETOS, QBILLS, REM1/PCAL FUP, RCN, CM43
DESP and EACP. They provided no information whatsoever
relating to calls made or received by myself, services subscribed to,
charges incurred, previous addresses, credit checks made, faults reported,
engineering work performed, offers made etc.
It took a further 6 months, and a complaint to the OIC (as yet
unacknowledged) before receiving any of this information.
Sadly this is not an isolated case. I have made 10 SARs over the past
year, and only two provided any information within the time limit, and
only one provided what I believe to be sufficient information on the
first response. Several have taken 3 or 4 further enquiries before they
actually provide obvious information.
Many have provided unintelligible information (as with BT, above) and the
standard response seems to be "tell us what you don't understand and we'll
explain it", rather than the "best practice" (usually taken by Financial
Institutions) of providing a booklet explaining all their abbreviations.
One major financial institution even had to have some poor staff member
go through all the sheets they had sent me and write on each what each
part of the screenshot meant - hardly a scalable approach!
Tony
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^